
malware and/or virus - cannot remove - help!


This topic is locked
17 replies to this topic

#1 joeanonymous

joeanonymous

  • Members
  • 24 posts
  • OFFLINE
  • Local time:10:03 AM

Posted 06 February 2009 - 04:30 PM

Please help! Posted about two weeks ago with no response. Thought I would try again.
Google unusable. Google results are altered. Tried Malwarebytes' Anti-Malware, Lavasoft Ad-Aware and Spybot Search and Destroy but nothing fixes the problem. Here's my original post:

Google search results return links to other websites. For example, if I search for my own company website by name on google, it will return the correct description but the link is to another unrelated site usually trying to sell me something. The same google search on another unaffected computer would list my company website with the correct link as the first search result. The same thing happens when I try other google searches on my computer where I know what the results should be. I get the correct description but the incorrect link. Also, when google does the search, it takes unusually long to display the results. It also takes unusually long when the google result link (which is the wrong link) is hit to take me to the incorrect website. I hope I have described the problem accurately enough. If not, please let me know any other information you require to describe the problem. I tend to use google every day and need it for both personal and work.

I have tried running several anti-virus software packages. I have Norton SystemWorks 2002 (with updated definitions) and ran a complete scan which took several hours and did not find anything. As instructed by one of the google support pages, I also installed and ran full scans using Malwarebytes' Anti-Malware, Lavasoft Ad-Aware and Spybot Search and Destroy in that order. Each program detected problems with my computer and I ran each of the fixes as instructed by each program. None of these fixed the problem and I continue to get false google search results. Further research into my problem (using another uninfected computer) indicates that I should use HijackThis and post the results to an expert who can instruct me on how to proceed. Further searching led me to your website and tutorial on HijackThis which instructed me to install and run DDS which I have done. The contents of the DDS.txt file are pasted below. I have also attached the Attach.txt file as instructed.

Please help!! Let me know any other information you require. Thank you.

JoeAnonymous


DDS (Ver_09-01-19.01) - NTFSx86
Run by Del Real at 13:49:42.46 on Tue 01/27/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RealPlayer] "c:\program files\real\realone player\realplay.exe" /RunUPGToolCommandReBoot
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.7840625
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-26 16:47 4,107 a------- c:\windows\wininit.ini
2009-01-26 15:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-26 15:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-26 15:33 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-26 15:00 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-26 14:40 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-26 13:02 <DIR> --d----- c:\docume~1\delrea~1\applic~1\Malwarebytes
2009-01-26 13:02 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-26 13:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 13:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-26 13:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 13:50 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-23 13:38 <DIR> --d----- c:\documents and settings\del real\.housecall6.6

==================== Find3M ====================

2009-01-26 17:06 2,883 a------- c:\windows\system32\HPANT.DAT
2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-07 16:45 2,174,976 -------- c:\windows\system32\dllcache\WMVCore.dll
2008-08-19 12:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 13:51:04.64 ===============

Attached Files





#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:01:03 PM

Posted 06 February 2009 - 05:03 PM

Hello joeanonymous,

Welcome to Bleeping Computer (B.C.)!
I'm DocSatan and I will be helping you with your computer problems. I will be researching your DDS Log and shall get back to you ASAP. :thumbup2:

In the meantime I have a couple of "rules" that I need to lay down before we get going:

In order for me to be effective in helping you with your computer problem(s):
  • Do not seek help at other Help Forums while we are working together. This will only confuse things.
  • Do not make any changes to your system until we have finished. Changes include the following:
  • Deleting Files/Folders
  • Running tools such as Anti-Virus, Anti-Spyware, etc., that will delete Files/folders.
  • Downloading and installing programs.
  • Running Fixes from other Help Forums
If you feel that you CAN follow these rules, then we can continue to work together to fix your computer problem(s). :)

#3 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:01:03 PM

Posted 06 February 2009 - 05:32 PM

joeanonymous,

Just noticed that you posted the DDS Log from Jan 27, 2009. A lot can happen in 11 days, and I'm sure that this current log no longer represents the current state of your computer. I will need you to post a new DDS Log, please.

If you have deleted the previous DDS scanner from your computer already, then please click HERE to download and run DDS again.
  • Be sure to disable any script-blocking programs that you might have installed on your computer before double-clicking on dds.scr.
If you still have the DDS scanner on your computer, then delete the 2 documents that it produced from Jan 27, and then double-click on the dds.scr to run the tool again.
  • Be sure to disable any script-blocking programs that you might have installed on your computer before double-clicking on dds.scr.
Please post the results of the dds.txt in a reply to this topic.

Doc.

#4 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:10:03 AM

Posted 06 February 2009 - 06:44 PM

Thanks for your reply DocSatan.

I will run a new DDS log as soon as I can. Unfortunately the infected computer is my computer at work and I will not be back in the office until Monday afternoon. As soon as I get in, I will run the scan.

Do you want me to post the results as a reply to this thread or should I start a whole new topic? Please let me know and I will follow your instructions.

Thank you in advance for your assistance. I sincerely appreciate it.

JoeAnonymous

#5 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:01:03 PM

Posted 06 February 2009 - 07:04 PM

Hey joeanonymous,

Yup, post the results of the dds.txt as a REPLY to this topic.

I noticed that the log that you did post was not the whole log. A lot of information was missing, which I need to properly research your computer problem. This happens sometimes when highlighting and copying text. The best way to ensure that you get all of the text is to:
  • Click on the Edit button in the top left of the open text document (notepad).
  • Scroll down to Select All and click on it.
  • Then click on Edit again and scroll down to Copy and click on that.

Thank you in advance for your assistance. I sincerely appreciate it.


You're welcome in advance! :thumbup2:

#6 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:10:03 AM

Posted 09 February 2009 - 04:27 PM

Hi DocSatan,

I have re-run dds.scr as requested. I am posting the results of dds.txt below as instructed and also attaching the file attach.txt. Please let me know if there is anything else I need to do. I am awaiting your instructions. Thanks.

JoeAnonymous


DDS (Ver_09-01-19.01) - NTFSx86
Run by Del Real at 13:16:28.44 on Mon 02/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.97 [GMT -8:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Del Real\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RealPlayer] "c:\program files\real\realone player\realplay.exe" /RunUPGToolCommandReBoot
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.7840625
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-26 64160]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-7-23 50312]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090204.021\NAVENG.Sys [2009-2-4 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090204.021\NavEx15.Sys [2009-2-4 876112]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-7-23 338056]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-13 198248]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-13 181864]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 942416]
R4 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2004-8-30 177264]
R4 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2003-1-6 135168]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-3-9 819352]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-13 79464]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-7-23 198368]
S4 hpbecp00;hpbecp00;c:\windows\system32\drivers\HPBECP00.SYS [1997-11-17 28768]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 67184]

=============== Created Last 30 ================

2009-01-26 16:47 4,107 a------- c:\windows\wininit.ini
2009-01-26 15:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-26 15:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-26 15:33 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-26 15:00 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-26 14:40 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-26 13:02 <DIR> --d----- c:\docume~1\delrea~1\applic~1\Malwarebytes
2009-01-26 13:02 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-26 13:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 13:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-26 13:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 13:50 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-23 13:38 <DIR> --d----- c:\documents and settings\del real\.housecall6.6

==================== Find3M ====================

2009-02-06 14:01 2,883 a------- c:\windows\system32\HPANT.DAT
2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-08-19 12:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 13:17:45.27 ===============

Attached Files



#7 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:01:03 PM

Posted 10 February 2009 - 08:11 AM

joeanonymous,

I have your log. Give me some time to research it and I will get back to you ASAP. :thumbup2:

Doc.

Edited by DocSatan, 10 February 2009 - 08:11 AM.


#8 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:01:03 PM

Posted 11 February 2009 - 06:50 PM

joeanonymous,

Sorry for the wait.

1. You have/had a program on this computer called: View Point Manager.
We recommend that you remove this program as it is classified as Adware/Potentially Unwanted Program (PUP). You can read about this program here: McAfee.com

Following installation, the software transmits search terms entered into search engines and provides contextual advertisements in a configurable toolbar. The Manager component also communicates with remote servers for self-update functions.

I only see one instance of this program on your computer (ViewpointService.exe), perhaps the tools you ran previously might have removed the other files already. Do you recall?

It may have already been removed and just the executable file is left. Go to Add/Remove Programs (Start --> Control Panel --> Add/Remove Programs) and see if any of the following programs are listed:
  • Viewpoint Toolbar
  • Viewpoint Media Player
  • Viewpoint Manager
If they are present you should be able to remove them by clicking uninstall/remove to the right of the program.
If they are NOT present in the Add/Remove Programs list, then please delete the following folder:
  • c:\program files\viewpoint <-- This Folder.
2. Uninstall outdated Java
  • Go to Add/Remove Programs (Start --> Control Panel --> Add/Remove Programs)
  • Keep Java™ 6 update 11
  • Uninstall/Remove all of the previous Java Updates. They are vulnerable to infection.
Download ComboFix

1. Please Download ComboFix
Here is a Tutorial on using ComboFix: A guide and tutorial on using ComboFix
  • Save it to your Desktop
  • Do NOT run ComboFix yet
  • Here are some alternative links to download ComboFix, if the above one is not working for you:
  • Link 1
    Link 2
2. Disable Your AntiVirus and AntiSpyware Programs
  • You should be able to Right-Click on the program's icon in the System Tray and get an option to shut-down/disable each program.
  • These programs may interfere with our fix. We will re-enable them when we are done.
3. Double click on ComboFix.exe that you just saved to your Desktop
  • Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. The Recovery Console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • It is strongly recommended to have the Recovery Console installed on your machine before doing any malware removal.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Posted Image

NOTE: If the Microsoft Windows Recovery Console is already installed, you will not receive a prompt from ComboFix regarding the Recovery Console.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
4. Re-enable Your AntiVirus and AntiSpyware Programs That You Disabled in Step 2.

5. What I need in Your Next Reply:
  • ComboFix.txt
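
As an added example (not code from this thread, from DDS, or from ComboFix), here is a small Python triage script for the two manual steps above: it reads a DDS report, lists running processes that live under the Viewpoint folder, and works out from the DPF (Downloaded Program Files) entries which registered Java runtimes are older than the newest one, so that only the newest is kept. The sample report is constructed from the kinds of lines in the posted logs; the section names, the PUP path fragment list and the treatment of the CAFEEFAC-FFFF-FFFF-FFFF entry as an alias for the newest runtime (its URL in the log points at the same 1.6.0_11 installer) are assumptions made here.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the DDS format seen in this thread: a short
# "Running Processes" section followed by a few "Pseudo HJT Report" lines.
SAMPLE_DDS = """\
============== Running Processes ===============

C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe

============== Pseudo HJT Report ===============

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\\program files\\google\\googletoolbar2.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

Version = Tuple[int, int, int, int]

SECTION_HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
DPF_LINE = re.compile(r"^DPF:\s*\{([0-9A-Fa-f-]{36})\}\s*-\s*(\S+)")
JINSTALL = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-")

# Path fragment for the program the helper classifies as adware/PUP (assumption:
# a real triage list would be longer and maintained separately).
PUP_PATH_FRAGMENTS = ("\\viewpoint\\",)


def sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS report into its '===== Name =====' sections (non-blank lines only)."""
    result: Dict[str, List[str]] = {}
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, [])
            continue
        result.setdefault(current, []).append(line)
    return result


def pup_processes(text: str) -> List[str]:
    """Running processes whose path sits under a folder on the PUP list."""
    procs = sections(text).get("Running Processes", [])
    return [p for p in procs if any(f in p.lower() for f in PUP_PATH_FRAGMENTS)]


def java_runtimes(text: str) -> Dict[Version, List[str]]:
    """Map each Java version named in a DPF installer URL to the CLSIDs that reference it."""
    found: Dict[Version, List[str]] = {}
    for line in sections(text).get("Pseudo HJT Report", []):
        m = DPF_LINE.match(line)
        if not m:
            continue
        clsid, url = m.group(1).upper(), m.group(2)
        # Assumption: the all-F entry is a "newest installed" alias, not a separate runtime.
        if clsid.startswith("CAFEEFAC-FFFF-FFFF-FFFF"):
            continue
        v = JINSTALL.search(url)
        if not v:
            continue  # not a Java installer (e.g. Flash)
        ver = tuple(int(x) for x in v.groups())
        found.setdefault(ver, []).append(clsid)
    return found


def outdated_java(text: str) -> Tuple[Optional[Version], List[Version]]:
    """Return (newest version to keep, older versions to uninstall)."""
    versions = sorted(java_runtimes(text))
    if not versions:
        return None, []
    return versions[-1], versions[:-1]


def fmt_version(ver: Version) -> str:
    return "%d.%d.%d_%02d" % ver


def triage(text: str) -> List[str]:
    """Human-readable action list in the order the helper gave the steps."""
    lines = [f"PUP process still running: {p}" for p in pup_processes(text)]
    newest, old = outdated_java(text)
    if newest:
        lines.append(f"keep Java {fmt_version(newest)}")
    lines.extend(f"uninstall outdated Java {fmt_version(v)}" for v in old)
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_DDS)))
```

DPF entries only record which installers registered an ActiveX control; as the thread says, Add/Remove Programs is the authoritative list of what is actually installed, so treat this output as a checklist to confirm there, not as proof.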


#9 joeanonymous

joeanonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:10:03 AM

Posted 12 February 2009 - 04:35 PM

Hi DocSatan,

Regarding Viewpoint, I do not recall if the other tools I used to scan my computer found and removed Viewpoint or not. I went into Add/Remove Programs and found the following two programs installed: "Viewpoint Manager (Remove Only)" and "Viewpoint Media Player". I removed both programs from my computer. After removing, I checked to see if there was a folder called c:\program files\viewpoint and there was not.

Regarding Java, I next removed the following Java updates while keeping "Java ™ 6 Update 11":
Java ™ 6 Update 2
Java ™ 6 Update 3
Java ™ 6 Update 5
Java ™ 6 Update 7
While removing these programs, Spybot Search and Destroy kept popping up with a message stating it had detected an important registry entry that has been changed. Each time it popped up, I allowed the change.

I also found the following programs installed related to Java that I did NOT remove because I wasn't sure if I needed to remove them since the name did not exactly correspond to the formats of the files listed above. Can you please let me know if I should remove any of the following:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java ™ SE Runtime Environment 6 Update 1
Should I remove the above listed programs???

Regarding ComboFix, I downloaded the program and then disabled/shut down the antivirus/software programs on the System Tray as instructed. I also turned off the Windows Firewall. I ran ComboFix and after it was complete, Spybot Search and Destroy popped up with the same message I mentioned above. (Even though I disabled it.) I allowed the changes.

After ComboFix was complete, I rebooted my computer and tried a Google search and found my problem as described in my original post had been fixed! It no longer gave me false search results. I am posting the ComboFix.txt file for your review in case there are other problems or fixes I need to do. I am attaching it to this post. If you would rather have me copy and paste the contents, I am happy to do so. I will wait for your response on the analysis of the ComboFix.txt file.

Also, when I first had the problem, I downloaded to my computer the following three programs: Malwarebytes' Anti-Malware, Lavasoft Ad-Aware and Spybot Search and Destroy. Once my problem is completely fixed (which I will wait to find out from you), do I need to continue to have these three programs installed on my computer together? I currently use Norton SystemWorks 2002 ver 5.04. With all these programs installed, my computer takes quite a while to fully boot up as all these programs load. Also, my computer seems a bit slow since installing these three other programs. Which of these programs should I keep and which can I remove? Can you please advise?

Once again, I will wait to hear back from you on the results of your analysis of the ComboFix.txt file. Note that I am optimistic (and happy) since the problem seems to have been fixed! However, I am also aware there could be other problems I do not know about yet.

I await further instructions.

JoeAnonymous




#10 DocSatan

Posted 13 February 2009 - 02:19 PM

Hi JoeAnonymous,

Glad to hear that your Google-Hijack problem has been resolved. :) You were infected by:
  • Troj/Daonol-Fam.
  • This Bad-Guy infects a computer via a malicious script (JavaScript, I believe) when you visit a website that has already been compromised. It seems that any web site hosted by IX Web Hosting is susceptible to passing on this infection to anyone visiting their web site. So it doesn't mean that someone using this computer was visiting the usual sites that carry Trojans/Viruses (a.k.a. Porn Sites, Crack/Key Gen Sites, etc.).
  • In your case, the malicious file replaced your Windows Audio Driver Mapper: wdmaud.drv.
  • You can read Miekiemo's Blog to read more about this type of infection.

Can you please let me know if I should remove any of the following:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java ™ SE Runtime Environment 6 Update 1
Should I remove the above listed programs???

Yup, go ahead and remove those as well.


I will address the rest of your questions in a bit (probably my next post), but we still have a couple more steps to do:

1. CFScript Fix
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"="wdmaud.drv"
  • Save this as CFScript.txt, in the same location as ComboFix.exe


    [screenshot: dragging CFScript.txt onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
2. Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
3. What I Need In Your Next Reply
  • Latest ComboFix.txt (Copy & Paste Please)
  • Results of the BitDefender Scan (Copy & Paste Please)

WE'RE ALMOST THERE!!
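
Both the CFScript above (its Registry:: block) and the "Reg Loading Points" section of a ComboFix log use REGEDIT4 syntax, and the Drivers32 key is where this infection hooked the audio driver mapper. The script below is an added example for this thread, not a ComboFix, BleepingComputer or Sophos tool. It parses that syntax and reports (a) Drivers32 values that no longer point at wdmaud.drv, or that load something other than a .drv/.dll/.acm module, and (b) Security Center "DisableNotify"/"DisableMonitoring" values and an "EnableFirewall"=0 standard profile, which are the kind of entries that show up in the ComboFix.txt posted later in this thread. The set of core Drivers32 value names, the accepted extensions and the sample text are assumptions; in particular the "aux2"="wdmaud.sys" line is constructed to resemble this infection (ComboFix quarantined a wdmaud.sys) and is not the value from the poster's machine.

```python
"""Audit REGEDIT4-style registry dumps such as a ComboFix CFScript 'Registry::'
block or the 'Reg Loading Points' section of ComboFix.txt.
Added example for this thread; it is not a ComboFix or BleepingComputer tool."""
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
STR_RE = re.compile(r'^"([^"]*)"\s*=\s*"([^"]*)"')                    # "name"="string"
DWORD_RE = re.compile(r'^"([^"]*)"\s*=\s*dword:([0-9a-fA-F]{1,8})')    # "name"=dword:00000001
CFX_NUM_RE = re.compile(r'^"([^"]*)"\s*=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)')  # ComboFix's "name"= 0 (0x0)

# Assumption: on a default Windows XP install these four Drivers32 values all point at wdmaud.drv.
DRIVERS32_CORE = {"aux", "midi", "mixer", "wave"}
# Assumption: Drivers32 targets are user-mode multimedia modules; a .sys or .exe there is abnormal.
ALLOWED_EXT = (".drv", ".dll", ".acm")


def parse_regedit(text):
    """Return {key_path_lower: {value_name_lower: value}} for the keys in a REGEDIT4 dump."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = STR_RE.match(line)
        if m:
            keys[current][m.group(1).lower()] = m.group(2)
            continue
        m = DWORD_RE.match(line)
        if m:
            keys[current][m.group(1).lower()] = int(m.group(2), 16)
            continue
        m = CFX_NUM_RE.match(line)
        if m:
            keys[current][m.group(1).lower()] = int(m.group(2))
    return keys


def audit(keys):
    """Return a list of human-readable findings for the parsed keys."""
    findings = []
    for key, values in keys.items():
        if key.endswith("\\drivers32"):
            for name, target in values.items():
                if not isinstance(target, str):
                    continue
                t = target.lower()
                if name in DRIVERS32_CORE and t != "wdmaud.drv":
                    findings.append("Drivers32 %s points to %s, expected wdmaud.drv" % (name, target))
                elif "\\" in t or not t.endswith(ALLOWED_EXT):
                    findings.append("Drivers32 %s loads unexpected target %s" % (name, target))
        elif "\\security center" in key:
            # These values silence Security Center warnings; an AV suite may set them, so review them.
            for name, val in values.items():
                if (name.endswith("disablenotify") or name == "disablemonitoring") and val == 1:
                    findings.append("Security Center warning suppressed: [%s] %s=1" % (key, name))
        elif key.endswith("firewallpolicy\\standardprofile"):
            if values.get("enablefirewall") == 0:
                findings.append("Windows Firewall standard profile disabled (EnableFirewall=0)")
    return findings


def audit_text(text):
    return audit(parse_regedit(text))


# Constructed sample in the shape of a ComboFix 'Reg Loading Points' section. The "aux2"="wdmaud.sys"
# line is an assumption modelled on this infection; it is not the poster's actual registry value.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"
"wave"="wdmaud.drv"
"aux2"="wdmaud.sys"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for finding in audit_text(SAMPLE_LOG):
        print(finding)
```

Feed it the text between "REGEDIT4" and the next ComboFix section header. Run on the CFScript above it reports nothing, because that script sets aux2 back to the legitimate wdmaud.drv module; the Security Center findings are reported for review rather than as malware, since a legitimately installed AV suite can set those values itself.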



#11 joeanonymous (Topic Starter)

Posted 17 February 2009 - 04:08 PM

Hi DocSatan,

I ran ComboFix using CFScript Fix and a BitDefender online scan as instructed. I have copied and pasted the results of each below.

A few comments/notes:
When I ran ComboFix by dragging CFScript Fix onto its icon, I received a message stating that there was a newer version of ComboFix available and asking if I would like to update. I chose "NO" and did not update and continued on to run the previous version already on my computer.

While the BitDefender online scan was running, it kept stating there were viruses found. After it was complete, it stated that my computer is still infected and for real-time protection, I should upgrade to a newer version, which I did not.

The BitDefender online scan results are formatted in HTML. I copied and pasted them below; however, the results are in the form of an HTML table which did not translate well below. I decided to also attach the HTML file to this post just in case. Let me know if there is some other way to get you the results if necessary.

I also look forward to your response on my previous question in my last post regarding all the different virus software I currently have on my computer and which I should keep, delete, etc. once my current problem is resolved. I look forward to your insight.

Here are the results:

ComboFix.txt:


ComboFix 09-02-12.02 - Del Real 2009-02-16 13:14:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.133 [GMT -8:00]
Running from: c:\documents and settings\Del Real\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Del Real\Desktop\CFScript.txt
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-01-26 16:47 . 2009-01-26 16:48 4,107 --a------ c:\windows\wininit.ini
2009-01-26 15:46 . 2009-01-26 15:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-26 15:46 . 2009-01-26 16:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-26 15:33 . 2009-01-26 15:00 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-26 15:00 . 2009-01-26 15:00 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-26 15:00 . 2009-01-26 14:59 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-26 14:40 . 2009-01-26 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-26 14:40 . 2009-01-26 14:40 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-26 13:02 . 2009-01-26 13:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 13:02 . 2009-01-26 13:02 <DIR> d-------- c:\documents and settings\Del Real\Application Data\Malwarebytes
2009-01-26 13:02 . 2009-01-26 13:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 13:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 13:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 13:50 . 2009-01-23 13:56 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-23 13:38 . 2009-01-23 16:57 <DIR> d-------- c:\documents and settings\Del Real\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 20:55 --------- d-----w c:\program files\Java
2009-02-12 19:56 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-30 21:52 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-26 22:40 --------- d-----w c:\program files\Lavasoft
2009-01-23 22:20 --------- d-----w c:\program files\Norton AntiVirus
2009-01-23 22:17 --------- d-----w c:\program files\Symantec
2008-08-19 20:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-12_12.37.00.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 20:12:18 2,883 ----a-w c:\windows\system32\HPANT.DAT
+ 2009-02-16 21:18:05 2,883 ----a-w c:\windows\system32\HPANT.DAT
+ 2009-02-16 21:21:10 16,384 ----atw c:\windows\temp\Perflib_Perfdata_cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-06-05 1003520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-07-07 151597]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-07-25 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-01-23 100056]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-09 509784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2003-01-06 49254]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-01-02 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP Business Inkjet 2200_2250 Toolbox\\HPW7TBX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 hpbecp00;hpbecp00; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-01-26 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-09 950096]
S2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-02-05 135168]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - atapi
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Automatic LiveUpdate Scheduler
*Deregistered* - Beep
*Deregistered* - ccEvtMgr
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lavasoft Ad-Aware Service
*Deregistered* - Lbd
*Deregistered* - LiveUpdate
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - navapsvc
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NPDriver
*Deregistered* - NPFMntor
*Deregistered* - Npfs
*Deregistered* - NProtectService
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - SBService
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SNDSrvc
*Deregistered* - SPBBCDrv
*Deregistered* - SPBBCSvc
*Deregistered* - Speed Disk service
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - Symantec Core LC
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMIDSCO
*Deregistered* - symlcbrd
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-09 15:02]

2007-01-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Del Real.job
- c:\progra~1\NORTON~2\Navw32.exe [2005-10-19 12:54]

2007-01-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe []

2008-11-08 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Common Files\Symantec Shared\NMain.exe [2004-08-13 20:17]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 13:23:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\progra~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2009-02-16 13:36:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-16 21:35:59

Pre-Run: 63,353,573,376 bytes free
Post-Run: 63,308,283,904 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=1,2,3,4
262 --- E O F --- 2009-02-12 00:14:13



BitDefender Online Scan:

BitDefender Online Scanner

Scan report generated at: Mon, Feb 16, 2009 - 16:28:44
Scan path: A:\;C:\;D:\;

Statistics
  Time: 02:35:40
  Files: 363318
  Folders: 5253
  Boot Sectors: 0
  Archives: 2851
  Packed Files: 24285

Results
  Identified Viruses: 10
  Infected Files: 19
  Suspect Files: 1
  Warnings: 0
  Disinfected: 0
  Deleted Files: 33

Engines Info
  Virus Definitions: 2670987
  Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
  Scan plugins: 17
  Archive plugins: 45
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 4

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File | Status

C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: RE: Conditions][From: Dominic Walker]=>(body)=>(Compressed Rtf) | Suspected of: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: RE: Conditions][From: Dominic Walker]=>(body)=>(Compressed Rtf) | Disinfection failed
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: RE: Conditions][From: Dominic Walker]=>(body)=>(Compressed Rtf) | Deleted
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: RE: Conditions][From: Dominic Walker]=>(body) | Deleted
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst | Updated
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: Re: Movie][From: info@temi.com]=>your_details.zip=>details.pif | Infected with: Win32.Sobig.E@mm
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: Re: Movie][From: info@temi.com]=>your_details.zip=>details.pif | Deleted
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: Re: Movie][From: info@temi.com]=>your_details.zip | Updated
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst | Updated
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: Server Report][From: patrice@mbay.net]=>doc.zip=>doc.pif | Infected with: Win32.Novarg.A@mm
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: Server Report][From: patrice@mbay.net]=>doc.zip=>doc.pif | Deleted
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: Server Report][From: patrice@mbay.net]=>doc.zip | Updated
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst | Updated
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: You've received a greeting from a family member!][From: egreetings.com]=>(body)=>(Compressed Rtf)=>(Rtf2Html) | Infected with: Generic.Peed.Eml.D4ABD1C2
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: You've received a greeting from a family member!][From: egreetings.com]=>(body)=>(Compressed Rtf)=>(Rtf2Html) | Disinfection failed
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: You've received a greeting from a family member!][From: egreetings.com]=>(body)=>(Compressed Rtf)=>(Rtf2Html) | Deleted
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: You've received a greeting from a family member!][From: egreetings.com]=>(body)=>(Compressed Rtf) | Update failed
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: You have received a greeting from a family member!][From: postcards.com]=>(body)=>(Compressed Rtf) | Infected with: Generic.Peed.Eml.65EAE4D0
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: You have received a greeting from a family member!][From: postcards.com]=>(body)=>(Compressed Rtf) | Disinfection failed
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: You have received a greeting from a family member!][From: postcards.com]=>(body)=>(Compressed Rtf) | Deleted
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: You have received a greeting from a family member!][From: postcards.com]=>(body) | Deleted
C:\Documents and Settings\Del Real\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst | Updated
C:\Program Files\Norton AntiVirus\Quarantine\0C961A91.tmp=>(Quarantine-2) | Infected with: Worm.Mydoom.DAN
C:\Program Files\Norton AntiVirus\Quarantine\0C961A91.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0C961A91.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0D9F2AE4.tmp=>(Quarantine-2) | Infected with: Worm.Mydoom.DAN
C:\Program Files\Norton AntiVirus\Quarantine\0D9F2AE4.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0D9F2AE4.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\12674466.tmp=>(Quarantine-2) | Infected with: Win32.Doombot.B@mm
C:\Program Files\Norton AntiVirus\Quarantine\12674466.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\12674466.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\12E953D6.tmp=>(Quarantine-2) | Infected with: Win32.Doombot.B@mm
C:\Program Files\Norton AntiVirus\Quarantine\12E953D6.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\12E953D6.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2FAB41AE.tmp=>(Quarantine-2) | Infected with: Worm.Mydoom.DAN
C:\Program Files\Norton AntiVirus\Quarantine\2FAB41AE.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2FAB41AE.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\30886822.tmp=>(Quarantine-2) | Infected with: Trojan.Crypt.D
C:\Program Files\Norton AntiVirus\Quarantine\30886822.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\30886822.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\37E66782.tmp=>(Quarantine-2) | Infected with: Worm.Mydoom.DAN
C:\Program Files\Norton AntiVirus\Quarantine\37E66782.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\37E66782.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\523D7F1A.tmp=>(Quarantine-2) | Infected with: Worm.Mydoom.DAN
C:\Program Files\Norton AntiVirus\Quarantine\523D7F1A.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\523D7F1A.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\73733931.tmp=>(Quarantine-2) | Infected with: Win32.Worm.Mytob.H
C:\Program Files\Norton AntiVirus\Quarantine\73733931.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\73733931.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\738D0914.tmp=>(Quarantine-2) | Infected with: Win32.Worm.Mytob.H
C:\Program Files\Norton AntiVirus\Quarantine\738D0914.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\738D0914.tmp | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\74004696.tmp=>(Quarantine-2) | Infected with: Win32.Worm.Mytob.H
C:\Program Files\Norton AntiVirus\Quarantine\74004696.tmp=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\74004696.tmp | Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\wdmaud.sys.vir | Infected with: Trojan.Agent.ALYN
C:\Qoobox\Quarantine\C\WINDOWS\system32\wdmaud.sys.vir | Deleted
C:\RECYCLER\NPROTECT\00002084.VIR | Infected with: Trojan.Agent.ALYN
C:\RECYCLER\NPROTECT\00002084.VIR | Deleted
C:\System Volume Information\_restore{922FBA64-F5A5-4CF8-A3FE-1795C76E5E78}\RP1029\A0143306.dll | Detected with: Spyware.945
C:\System Volume Information\_restore{922FBA64-F5A5-4CF8-A3FE-1795C76E5E78}\RP1029\A0143306.dll | Deleted
C:\System Volume Information\_restore{922FBA64-F5A5-4CF8-A3FE-1795C76E5E78}\RP1041\A0144982.sys | Infected with: Trojan.Agent.ALYN
C:\System Volume Information\_restore{922FBA64-F5A5-4CF8-A3FE-1795C76E5E78}\RP1041\A0144982.sys | Deleted
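
The reply that follows sorts the BitDefender detections into infected mailbox items and things that were already sitting in a quarantine folder or a System Restore point. The Python below, an added example that is not part of this thread or of BitDefender, automates that triage over the two-line "Scanned File / Status" format pasted above: it pairs each path with the status line under it, keeps only detection lines ("Infected with:", "Suspected of:", "Detected with:"), classifies where the hit lives (Norton quarantine, ComboFix's Qoobox quarantine, Norton Protected Recycle Bin, System Restore point, Outlook PST item, or the live file system), and records the last action BitDefender took on that path. The location patterns and the sample report are assumptions; the sample is a constructed excerpt, and its "constructed_example.dll" entry exists only to exercise the live-file branch.

```python
"""Triage a BitDefender Online Scanner report pasted as a flattened two-line table
(path on one line, status on the next). Added example; not a BitDefender tool."""
import re
from collections import Counter

DETECTION_PREFIXES = ("Infected with:", "Suspected of:", "Detected with:")

# Ordered location rules. Assumption: a hit inside one of these containers was already
# neutralised or inert before the scan; anything that matches none of them is "live".
LOCATION_RULES = [
    ("norton-quarantine", re.compile(r"\\Norton AntiVirus\\Quarantine\\", re.I)),
    ("combofix-quarantine", re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.I)),
    ("norton-protected-recycle-bin", re.compile(r"\\RECYCLER\\NPROTECT\\", re.I)),
    ("system-restore-point", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("outlook-pst-item", re.compile(r"\.pst=>", re.I)),
]


def classify_location(path):
    for label, rx in LOCATION_RULES:
        if rx.search(path):
            return label
    return "live"


def parse_report(text):
    """Pair each non-empty path line with the status line that follows it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) % 2:
        raise ValueError("report has an unpaired line; expected path/status pairs")
    return list(zip(lines[0::2], lines[1::2]))


def triage(text):
    """One record per detection line, with its location class and BitDefender's last action."""
    rows = parse_report(text)
    actions = {}
    for path, status in rows:
        if not status.startswith(DETECTION_PREFIXES):
            actions.setdefault(path, []).append(status)
    records = []
    for path, status in rows:
        if status.startswith(DETECTION_PREFIXES):
            records.append({
                "path": path,
                "detection": status.split(":", 1)[1].strip(),
                "location": classify_location(path),
                "outcome": actions.get(path, ["no action recorded"])[-1],
            })
    return records


def summarize(text):
    records = triage(text)
    return {
        "total": len(records),
        "by_location": dict(Counter(r["location"] for r in records)),
        "live": [r for r in records if r["location"] == "live"],
    }


# Constructed excerpt in the shape of the report above; the last two entries are invented
# (placeholder file and detection name) purely to show a hit outside any quarantine container.
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: Re: Movie][From: info@temi.com]=>your_details.zip=>details.pif
Infected with: Win32.Sobig.E@mm

C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst=>[Subject: Re: Movie][From: info@temi.com]=>your_details.zip=>details.pif
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\0C961A91.tmp=>(Quarantine-2)
Infected with: Worm.Mydoom.DAN

C:\Program Files\Norton AntiVirus\Quarantine\0C961A91.tmp=>(Quarantine-2)
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\wdmaud.sys.vir
Infected with: Trojan.Agent.ALYN

C:\Qoobox\Quarantine\C\WINDOWS\system32\wdmaud.sys.vir
Deleted

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1041\A0144982.sys
Infected with: Trojan.Agent.ALYN

C:\WINDOWS\system32\constructed_example.dll
Suspected of: Example.Constructed.Heuristic

C:\WINDOWS\system32\constructed_example.dll
Disinfection failed
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print(summary["total"], summary["by_location"])
    for rec in summary["live"]:
        print("LIVE:", rec["path"], rec["detection"], rec["outcome"])
```

Anything in the "live" list is the part of such a report that still needs a decision; hits inside quarantine folders or restore points confirm earlier clean-up rather than an active infection, and a mailbox item with a "Deleted" outcome means the attachment was stripped from the PST, not that the machine ran it.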




#12 DocSatan

Posted 19 February 2009 - 09:55 AM

Hey JoeAnonymous,

Your last log looks Clean. Great Job!
Just some clean-up steps left to do. Please let me know how your computer is now running (after the steps below)...any problems?
Also, if you have ANY questions, please ask them in your next reply.

House Cleaning

1. Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
You can uninstall this program later through Add/Remove Programs, but it's a small and handy program to have.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
    • If you use the Firefox browser: Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use the Opera browser: Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.
2. Uninstall ComboFix
  • Click on Start --> Run
  • Type in: ComboFix /u
    • This is Case-Sensitive. Capital "C" and Capital "F".
    • Space between "x" and "/"
    • No space between "/" and "u".
  • Hit Enter
Questions Answered :)

While the BitDefender online scan was running, it kept stating there were viruses found. After it was complete, it stated that my computer is still infected and for real-time protection, I should upgrade to a newer version, which I did not.

Yes. Bitdefender found some infected e-mails in your Microsoft Outlook and deleted them:

  • [Subject: RE: Conditions][From: Dominic Walker]
  • [Subject: Re: Movie][From: info@temi.com]
  • [Subject: Server Report][From: patrice@mbay.net]
  • [Subject: You've received a greeting from a family member!][From: egreetings.com]
  • [Subject: You have received a greeting from a family member!][From: postcards.com]
The other "infections" that Bitdefender found were items in the Quarantine of Norton and ComboFix. Those items had already been "neutralized" prior to the Bitdefender scan, so they were also not an issue. BitDefender deleted them as well.

Also, when I first had the problem, I downloaded to my computer the following three programs: Malwarebytes' Anti-Malware, Lavasoft Ad-Aware and Spybot Search and Destroy.

You can uninstall Lavasoft Ad-Aware and Spybot Search and Destroy through Add/Remove Programs.

I currently use Norton SystemWorks 2002 ver 5.04.

I know that this computer is a work computer, but Norton is a known Resource-Hog. There are a lot of Free alternative Anti-Virus programs out there that do just as good of a job (if not better) as Norton. Plus they demand less resources from your computer. If you have permission/authorization to do so, I would suggest using a different Anti-Virus program (Never have more than ONE Anti-Virus installed on your computer):

If you do uninstall Norton you will also need to install a 3rd Party Firewall. Please refer to Install A 3rd Party Firewall below.


Steps to Keep Your Computer Safe and Secure:

1. Install A 3rd Party Firewall
2. Make sure Your Operating System and Other Programs are Updated
  • Update Microsoft Windows
  • Microsoft has released the latest upgrades to the XP OS platform, which can be referenced HERE.
  • It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems.
    Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system.
  • Update Internet Explorer
  • Older versions of Internet Explorer have vulnerabilities that "The Bad-Guys" can exploit.
  • Please go HERE to update your Internet Explorer to the latest version.
  • Update All of Your Applications
  • The BadGuys are constantly writing new programs to exploit vulnerabilities within programs and applications. The GoodGuys are constantly updating their programs and applications to remove these vulnerabilities so the BadGuys cannot exploit them. For this reason it is very important that you not only update your Microsoft Windows, Java, Internet Explorer, etc., but also the other applications you are running on your computer.
  • I suggest that you go to the following site to scan your computer for outdated programs/applications: Secunia Vulnerability Scan
    If you want to stay up to date with the latest fixes, you can visit: The Calendar of Updates.
3. Further Reading on How to Keep Your Computer Safe and Secure

#13 joeanonymous (Topic Starter)

Posted 19 February 2009 - 06:43 PM

Hi DocSatan,

I cleaned house and uninstalled ComboFix as instructed. I still have DDS on my computer on the Desktop. I didn't see it in Add/Remove programs. Do I just delete DDS from the Desktop to remove it?

I also updated Microsoft Windows and Internet Explorer as recommended.

I uninstalled Ad-Aware and Spybot Search and Destroy as instructed. I noticed you did not indicate I should remove Malwarebytes' AntiMalware. Having Norton on my work computer is a "soft requirement". I am not certain if I will be authorized to remove it or not. If I am not authorized to remove Norton, then should I remove Malwarebytes' AntiMalware or can the two exist together? You mention I should not have more than one anti-virus software installed on my computer at the same time. If I am authorized to remove Norton in favor of another anti-virus software, can I have Malwarebytes' AntiMalware installed together with one of the other free anti-virus software (such as Avast!, which I heard good things about)? I guess I don't understand if Malwarebytes' AntiMalware is just another anti-virus software package like the rest or if it is something different. I did notice you included it on your list of possible free anti-virus software to use. If I can only have one anti-virus software package (to include Malwarebytes' AntiMalware as one of the choices), which would you recommend? I know you can't officially endorse one over the other, but what about informally. I see you mention Malwarebytes' AntiMalware as the "Go To" choice. Any strong negatives (or positives) about any of the others?

I appreciate your help and opinion on this subject. I also need to install an anti-virus software package on my "home" computer. I recently removed Norton from my home because it slowed it to a crawl and made the computer practically unusable. Once removed the computer ran fine once again. However, I am now operating naked on my home computer and need to install an anti-virus software package ASAP before I become infected! Before I install a new anti-virus software package, I plan to run several free anti-software scans just to make sure. I realize I need to do this on my home computer as soon as I possibly can.

My main priority is to finish up with my work computer, which seems to be almost complete thanks to your much appreciated assistance. I still need to resolve which anti-virus software to use on my work computer which will depend on your good advice (as usual). I will then apply that advice to my home computer. Any other recommendations you can make will be greatly appreciated. I look forward to your next reply.

JoeAnonymous

#14 DocSatan


Posted 20 February 2009 - 06:06 PM

Hi JoeAnonymous,

Do I just delete DDS from the Desktop to remove it?

Yes. Sorry, I forgot that we had used that tool.

I noticed you did not indicate I should remove Malwarebytes' AntiMalware...
If I am not authorized to remove Norton, then should I remove Malwarebytes' AntiMalware or can the two exist together? You mention I should not have more than one anti-virus software installed on my computer at the same time.

Good Question. :thumbup2:
MBAM is an Anti-Malware program, not an Anti-Virus program. (My mistake.)
So you can have it on your computer along with an AV program. This would be a good time to differentiate between the different types of tools one should/could have on a computer:
  • 1 Anti-Virus Program
  • 1 Anti-Malware Program
  • 1 Anti-Spyware
  • 1 Firewall with 2-way protection (like the 3rd Party Firewalls suggested)

If I am authorized to remove Norton in favor of another anti-virus software, can I have Malwarebytes' AntiMalware installed together with one of the other free anti-virus software (such as Avast!, which I heard good things about)? I guess I don't understand if Malwarebytes' AntiMalware is just another anti-virus software package like the rest or if it is something different.

Yes, you can. MBAM is not an Anti-Virus program, but an Anti-Malware program.

If I can only have one anti-virus software package (to include Malwarebytes' AntiMalware as one of the choices), which would you recommend? I know you can't officially endorse one over the other, but what about informally.

Choosing a specific AV Program over another really comes down to personal preference. Some people, who are REALLY into computers, look for specific things, like being able to control what the AV program can do. Others won't use a certain AV program because they don't like the Alerts that it gives. The list goes on. :step1:
Since these AV programs are free, or most provide a free trial period, you can try them out to see which one fits you best. For me, if I don't catch anything, then it's a keeper!

WARNING: There are Malicious programs out there that try to pass themselves off as legit Anti-Virus programs. We refer to these as "Rogue Programs." Best bet is to only take advice from reputable sources, like BleepingComputer. :step5:

Here are some links for safe AV Programs and some others:

I also need to install an anti-virus software package on my "home" computer. I recently removed Norton from my home because it slowed it to a crawl and made the computer practically unuseable. Once removed the computer ran fine once again. However, I am now operating naked on my home computer and need to install an anti-virus software package ASAP before I become infected!

No Anti-Virus program on your home computer? :step4:
You should install one of the Free AV Programs immediately. You can always decide on a specific one later. Avast! would be my choice for now.
You should also install one of the 3rd Party Firewalls, from the previous post, on your Home computer.
What version of Norton were you using on your home computer? Some versions leave left-over files that are difficult to remove, even when you have used the Add/Remove Programs. There is a program that you can run that will remove Norton completely, but it's only for certain versions.

I still need to resolve which anti-virus software to use on my work computer which will depend on your good advice (as usual). I will then apply that advice to my home computer.

Well, your work computer appears to be "clean."
I can't really say which AV program is best. I haven't used them all. But I can say that the AV programs that I have suggested come highly recommended by the "community." You can always post a question about this (or about other things) in the Forums here at B.C. There are many, many learned computer people here that would be glad to help. :)

For me, I use the paid version of NOD32 for Anti-Virus and Zone Alarm Free for Firewall (might be changing this since I've just been informed that it is a resource hog :) ). Then I use MBAM (free version), A-Squared Free, and Super Anti-Spyware (free version) as stand alone (On-Demand) scanners periodically.

So short story long:
  • Anti-Virus Programs
  • Firewalls
  • Anti-Malware
  • Anti-Spyware
That should get you started!

Have I answered your question well enough? Please let me know if you still have some questions. Happy to answer them.

Is your computer still running slow after the removal of the other programs?

#15 joeanonymous


Posted 24 February 2009 - 02:29 PM

Hi DocSatan,

Thanks for the clarification regarding anti-virus programs and Malwarebytes as an anti-malware program.

Regarding my "work" computer, I decided to stick with the version of Norton I currently have. It does not seem to be slowing down my computer much (like my home computer did), plus I have a current active subscription to update the virus definitions. I am keeping MBAM as my anti-malware program as you recommend. I have not done so yet but will also use anti-spyware and a 2-way protection firewall as you suggest. Question: If I load a 2-way protection firewall, should I then not use the Microsoft firewall built into Windows XP? In other words, should I be using both at the same time and can they coexist? To answer your question, my work computer seems to be running (and booting up) much faster after removing all the other programs.

Regarding my "home" computer, I will be installing Avast! this week along with the other protections you recommend. To address your question about Norton which I removed from my home computer, the version I had was Norton Internet Security 2007. You commented that some versions of Norton are difficult to remove and some leave left-over files. You also commented there is a program to remove Norton completely but it only works for certain versions. My home computer seems to be running okay and I don't see any Norton leftovers (doesn't mean they're not there). Do you think I need to make sure Norton is completely removed?

You have been a great help and I sincerely appreciate all your assistance. I look forward to your next response. I think we are almost finished but always open to any other recommendations you have.

JoeAnonymous
