I recently did some automatic updates, and afterward Norton found numerous trojans and an AV suite. Norton quarantined these items, but now I get intrusion alerts every twenty minutes or so.
These intrusions are labeled: "An intrusion attempt by zz87jfhda88.com was blocked." Path: DEVICE/HARDDISKVOLUME2/WINDOWS/SYSTEM32/SVCHOST.EXE
I may have turned off my auto updates... comp was slow... might have forgotten to turn it back on... oops.
What can I do now? Do I need to protect bank accounts or PayPal accounts?
Thanks in advance for any advice.
Here is my DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Rob at 18:40:54.06 on Wed 07/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.95 [GMT -6:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rob\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [{656BD480-A5DF-F3A3-3E03-FDFCEB0B6058}] "c:\documents and settings\rob\application data\okku\visii.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Dit] Dit.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\documents and settings\rob\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partypoker.net\partypokernet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: musicmatch.com\online
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-1-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-1-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-1-27 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100726.001\IDSXpx86.sys [2010-7-28 331640]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-1-27 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-23 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100728.002\NAVENG.SYS [2010-7-28 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100728.002\NAVEX15.SYS [2010-7-28 1362608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2006-9-21 13568]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
=============== Created Last 30 ================
2010-07-26 20:36:11 0 d-----w- c:\program files\Norton Support
2010-07-26 15:58:50 0 d-----w- c:\windows\system32\scripting
2010-07-26 15:58:46 0 d-----w- c:\windows\l2schemas
2010-07-26 15:58:34 0 d-----w- c:\windows\system32\en
2010-07-26 15:58:33 0 d-----w- c:\windows\system32\bits
2010-07-26 15:32:25 0 d-----w- c:\windows\EHome
2010-07-23 14:56:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-13 21:31:21 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
==================== Find3M ====================
2010-07-28 22:05:24 13568 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2009-08-05 17:22:29 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 18:44:45.96 ===============