infected with Antivirus 360 and pop-ups


  • This topic is locked
2 replies to this topic

#1 22ktb

  • Members
  • 1 posts

Posted 16 March 2009 - 07:22 PM

Lots of pop-ups - won't allow me to access most websites - had to fight with it to stay on this one! Icons on the bottom of my screen, trying to trick me into believing they are from Microsoft.


DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 20:01:11.98 on Mon 03/16/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.597 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\A360\av360.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.catholicexchange.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.134\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.134\IPSBHO.DLL
BHO: &Research: {d263fa6d-84cc-48a8-9af6-c664362b7a5b} - c:\windows\system32\winconfig.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.134\coIEPlg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [447079DD3D32FE1E91DE95C446F0EE2D] c:\program files\a360\av360.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233594522812
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233594517062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.134\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.086\SymEFA.sys [2009-3-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.086\BHDrvx86.sys [2009-3-4 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.086\cchpx86.sys [2009-3-4 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090310.003\IDSXpx86.sys [2009-3-11 276344]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.134\ccSvcHst.exe [2009-3-4 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090316.002\NAVENG.SYS [2009-3-16 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090316.002\NAVEX15.SYS [2009-3-16 876144]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-2-16 99248]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-16 33752]

=============== Created Last 30 ================

2009-03-16 17:18 301,056 a------- c:\windows\system32\winconfig.dll
2009-03-16 17:17 <DIR> --d----- c:\program files\A360
2009-03-11 21:19 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-05 17:25 <DIR> --d--r-- c:\program files\Norton Support
2009-03-02 19:47 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-02 19:47 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-02 19:46 <DIR> --d----- c:\program files\iPod
2009-03-02 19:46 <DIR> --d----- c:\program files\iTunes
2009-03-02 19:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-01 12:51 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-01 12:51 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-01 12:49 <DIR> --d----- c:\documents and settings\user\.hd
2009-02-25 08:06 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-02-22 20:06 <DIR> --d----- c:\docume~1\user\applic~1\ZoomBrowser EX
2009-02-16 21:21 61,960 a------- c:\docume~1\user\applic~1\GDIPFONTCACHEV1.DAT
2009-02-16 17:16 <DIR> --d----- c:\docume~1\user\applic~1\Lexmark Productivity Studio
2009-02-16 14:25 <DIR> --d----- c:\docume~1\user\applic~1\FaxCtr
2009-02-16 14:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-02-16 14:20 <DIR> --d----- c:\program files\Canon
2009-02-16 14:14 <DIR> --d----- c:\program files\common files\Canon
2009-02-16 13:56 <DIR> --d----- c:\program files\Lx_cats
2009-02-16 13:56 <DIR> --d----- C:\logs
2009-02-16 13:56 40,960 a------- c:\windows\system32\lxddvs.dll
2009-02-16 13:56 344,064 a------- c:\windows\system32\lxddcoin.dll
2009-02-16 13:55 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-02-16 13:55 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-02-16 13:55 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-02-16 13:55 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-02-16 13:55 692,224 a------- c:\windows\system32\lxdddrs.dll
2009-02-16 13:55 69,632 a------- c:\windows\system32\lxddcnv4.dll
2009-02-16 13:55 65,536 a------- c:\windows\system32\lxddcaps.dll
2009-02-16 13:55 45,056 a------- c:\windows\system32\LXF3PMON.DLL
2009-02-16 13:55 32,768 a------- c:\windows\system32\LXF3FXPU.DLL
2009-02-16 13:54 339,968 a------- c:\windows\system32\IMGMAN32.DLL
2009-02-16 13:54 98,345 a------- c:\windows\system32\IMHOST32.DLL
2009-02-16 13:54 98,304 a------- c:\windows\system32\IM31XPNG.DEL
2009-02-16 13:54 69,632 a------- c:\windows\system32\IM31XTIF.DEL
2009-02-16 13:54 49,152 a------- c:\windows\system32\IM31IMG.DIL
2009-02-16 13:54 36,864 a------- c:\windows\system32\lxf3oem.dll
2009-02-16 13:54 12,288 a------- c:\windows\system32\LXF3PMRC.DLL
2009-02-16 13:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FaxCtr
2009-02-16 13:53 <DIR> --d----- c:\program files\Lexmark Fax Solutions
2009-02-16 13:53 44 a------- c:\windows\system32\lxddrwrd.ini
2009-02-16 13:53 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-02-16 13:53 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-16 13:52 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-02-16 13:52 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-02-16 13:52 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-02-16 13:52 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-02-16 13:51 <DIR> --d----- c:\program files\Lexmark 2500 Series
2009-02-16 13:50 <DIR> --d----- c:\windows\system32\appmgmt
2009-02-15 19:16 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-02-15 19:16 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-02-15 18:37 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-02-15 18:37 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-15 18:37 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-15 18:37 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-15 18:37 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-15 18:37 <DIR> --d----- c:\program files\Symantec
2009-02-15 18:36 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-02-15 18:36 <DIR> --d----- c:\program files\Norton Internet Security
2009-02-15 18:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-02-15 18:36 <DIR> --d----- c:\program files\NortonInstaller
2009-02-15 18:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-02-15 18:34 <DIR> --d----- c:\documents and settings\all users\Symantec Temporary Files
2009-02-15 17:55 <DIR> --d----- c:\program files\Verizon
2009-02-15 17:55 <DIR> --d----- c:\program files\common files\Motive
2009-02-15 13:50 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-02-15 13:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-02-15 13:42 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-15 13:42 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-15 10:15 376 a------- c:\windows\ODBC.INI
2009-02-15 10:15 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-02-15 10:14 <DIR> --d----- c:\windows\ShellNew

==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 20:01:38.29 ===============
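Added example, not part of the original post and not a feature of the DDS tool: a small Python triage script that cross-references the autostart entries in the "Pseudo HJT Report" above (BHO, TB, uRun, mRun, ...) with the "Created Last 30" list, and flags any entry whose binary, or whose parent folder, appeared inside the 30-day window. The log text embedded in it is a constructed subset of the lines posted above; the section banners, the regular expressions and the `triage` function are assumptions of this example, not anything defined by DDS.

```python
import re

# Constructed sample input: a trimmed subset of the DDS log posted in this
# thread, keeping only the lines the demonstration needs.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: &Research: {d263fa6d-84cc-48a8-9af6-c664362b7a5b} - c:\windows\system32\winconfig.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [447079DD3D32FE1E91DE95C446F0EE2D] c:\program files\a360\av360.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

=============== Created Last 30 ================

2009-03-16 17:18 301,056 a------- c:\windows\system32\winconfig.dll
2009-03-16 17:17 <DIR> --d----- c:\program files\A360
2009-03-02 19:47 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-15 18:36 <DIR> --d----- c:\program files\Norton Internet Security

==================== Find3M ====================
"""

# Line prefixes DDS uses for autostart points (assumed list for this example).
AUTOSTART_KEYS = ("BHO", "TB", "uRun", "mRun", "StartupFolder", "Notify", "SSODL")
# First Windows path on a line, up to a binary extension. Non-greedy so that
# "c:\program files\a360\av360.exe" -atboottime stops at the .exe.
PATH_RE = re.compile(r'[a-z]:\\.*?\.(?:dll|exe|sys|scr|cpl)\b', re.I)
# "2009-03-16 17:18 301,056 a------- path" or "2009-03-16 17:17 <DIR> --d----- path"
CREATED_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+'
    r'(?P<size><DIR>|[\d,]+)\s+\S+\s+(?P<path>.+)$')
BANNER_RE = re.compile(r'^=+\s*(.+?)\s*=+$')


def parse_sections(log_text):
    """Split a DDS log on its '=== Title ===' banners; returns {title: [lines]}."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def autostart_entries(lines):
    """Yield (key, lowercased path) for each autostart line naming a file on disk."""
    for line in lines:
        key, sep, rest = line.partition(": ")
        if sep and key in AUTOSTART_KEYS:
            m = PATH_RE.search(rest)
            if m:
                yield key, m.group(0).lower()


def created_entries(lines):
    """Return ({file_path: date}, {dir_path: date}) from 'Created Last 30'."""
    files, dirs = {}, {}
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group("path").strip().lower()
        (dirs if m.group("size") == "<DIR>" else files)[path] = m.group("date")
    return files, dirs


def triage(log_text):
    """Autostart entries whose binary, or whose parent directory, was created in
    the log's 30-day window. Returns a list of (key, path, date, reason).
    Comparison is a plain lowercase string match, so 8.3 short names
    (docume~1, progra~1) would have to be expanded before they would match."""
    sections = parse_sections(log_text)
    files, dirs = created_entries(sections.get("Created Last 30", []))
    hits = []
    for key, path in autostart_entries(sections.get("Pseudo HJT Report", [])):
        if path in files:
            hits.append((key, path, files[path], "file created"))
            continue
        for d, date in dirs.items():
            if path.startswith(d + "\\"):
                hits.append((key, path, date, "parent dir created"))
                break
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for key, path, date, reason in triage(SAMPLE_LOG):
        print(f"{date}  {key:<5} {path}  ({reason})")
```

On the excerpt above this flags exactly the two entries the thread is about: the `&Research` BHO pointing at `winconfig.dll` (the file itself was created 2009-03-16 17:18) and the `uRun` entry for `av360.exe` (its folder `c:\program files\A360` was created one minute earlier), while the long-standing ctfmon, Intel graphics and Adobe entries are left alone. Recency is only a triage signal, not proof of malice; the Norton folder from 2009-02-15 would be flagged the same way if any of its binaries were listed, which is why the helper asks for a scanner log rather than acting on the DDS output alone.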

#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 March 2009 - 04:56 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh DDS log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 31 March 2009 - 07:30 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.