#1
I helped the forums.
Join Date: Mar 2005
Location: PA
Posts: 24
OS: Windows XP
Antivirus 360
I was checking email and using IE on my notebook when suddenly I got all kinds of warnings about problems with my computer. I was asked to download Antivirus 360, which I must have done unknowingly. Then it occurred to me my computer is already protected (Norton Protection Center, Spyware S&D, Spyware Blaster, etc), and those programs were not reacting to anything. I put two and two together and determined the warnings must be the problem.

I saw a filename with "worm" but didn't write it down and don't remember it. This item went by the name Antivirus 360. Downloaded a removal tool to get rid of it, but I'm skeptical.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Carol at 18:24:30.63 on Wed 03/11/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.747 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Second Backup\SecondBackup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Carol\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\carol\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
StartupFolder: c:\users\carol\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090310.005\IDSvix86.sys [2009-3-11 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-6 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808]
R2 Second Backup Service;Second Backup Service;c:\program files\second backup\SecondBackup.exe [2007-12-27 1744896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-22 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

=============== Created Last 30 ================

2009-03-11 17:38 <DIR> --d----- c:\users\carol\appdata\roaming\Malwarebytes
2009-03-11 17:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-11 17:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 17:38 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-11 17:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 17:38 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-19 12:31 24,112 a------- c:\windows\system32\drivers\SymIMV.sys
2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-16 11:34 724,992 a------- c:\windows\iun6002.exe
2009-02-16 11:34 <DIR> --d----- c:\program files\Second Backup
2009-02-14 14:28 <DIR> --d----- c:\program files\Home Series
2009-02-11 18:23 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 18:23 1,383,424 a------- c:\windows\system32\mshtml.tlb

==================== Find3M ====================

2009-03-05 18:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-27 18:06 51,200 a------- c:\windows\inf\infpub.dat
2009-02-27 18:06 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-27 18:06 86,016 a------- c:\windows\inf\infstor.dat
2009-01-24 22:55 956,344 a------- c:\users\carol\SaveAsPDFandXPS.exe
2008-11-22 21:04 70,592 a------- c:\users\carol\Favorites[1].zip
2008-07-25 23:46 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-25 18:11 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-25 18:11 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-25 18:11 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-11-22 12:47 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 18:25:01.49 ===============
#3
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,767
OS: 2000 Pro; XP Pro; XP Home
Re: Antivirus 360
Hi -
I'm not seeing anything in those logs to suggest an active infection. Are you experiencing any symptoms which make you think the machine is? Redirected searches, popups, etc...?
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#4
I helped the forums.
Join Date: Mar 2005
Location: PA
Posts: 24
OS: Windows XP
Re: Antivirus 360
Not anymore. I started experiencing the pop ups and redirected searches and used a removal tool of some sort to clean it up. Then the problem occurred again, and I cleaned it up again. I wanted to make sure something isn't stuck in there that could become a recurring problem for me. Thank you for your help and your time.
Carol
#5
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,767
OS: 2000 Pro; XP Pro; XP Home
Re: Antivirus 360
Hi Carol -
I see you have Malwarebytes AntiMalware installed. MBAM is very effective against many rogue infections. Is that the removal tool you're referring to, or was it something else?

Also, if an infection returns, it's either because not all of it was removed in the first place, or someone using the machine revisited a place where the infection was picked up initially.

This should be addressed while we're here:

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Java(TM) 6 Update 5

These are all outdated, and are security risks to leave installed. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Going forward, Java will overwrite existing installs, so removing older versions should not be required after this. Leave Java(TM) 6 Update 12 alone, as it has the most recent security updates.

---------------------------------------------------------------------------------------------

It might be a good idea to run this online scan to help look for remnants.

First, go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner. Answer Yes when prompted to install an ActiveX component.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------
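The helper's triage above (no orphaned or unexpected entries, but leftover Java versions that should be uninstalled) can be done mechanically against the "Pseudo HJT Report" section of a DDS log. The script below is an added example written for this page, not a tool from the forum, DDS or Malwarebytes. It parses lines in the DDS key/value format and flags three things a helper looks at first: BHO registrations whose DLL is gone ("No File"), a ConsentPromptBehaviorAdmin policy of 0 (which makes administrators elevate without any UAC prompt, so it is worth confirming it was set deliberately), and DPF entries that reference more than one Java installer build, older ones being the "Update 5" leftovers the helper asked to remove. The sample text is excerpted from the log posted above; the function names and the "stale" heuristic (anything older than the newest build seen) are this example's own.

```python
"""Triage a DDS 'Pseudo HJT Report' section for leftovers a malware helper checks.

Added example for this page; not code from the forum, DDS or any vendor.
"""
import re

# Sample input excerpted from the DDS log posted in this thread (not a full capture).
SAMPLE_REPORT = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
"""

# Sun's installer cab names carry the build: jinstall-1_6_0_12-windows-i586.cab
JAVA_CAB = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-", re.I)
POLICY = re.compile(r"(\w+)\s*=\s*(\d+)")


def parse_report(text):
    """Split each 'kind: rest' line of the report into a (kind, rest) pair."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        kind, rest = line.split(":", 1)
        entries.append((kind.strip(), rest.strip()))
    return entries


def find_orphaned_bhos(entries):
    """BHO lines ending in 'No File' are registrations whose DLL is missing."""
    return [rest for kind, rest in entries
            if kind == "BHO" and rest.endswith("- No File")]


def find_uac_weakening(entries):
    """ConsentPromptBehaviorAdmin = 0 means 'elevate without prompting'."""
    hits = []
    for kind, rest in entries:
        if kind != "mPolicies-system":
            continue
        m = POLICY.match(rest)
        if m and m.group(1) == "ConsentPromptBehaviorAdmin" and int(m.group(2)) == 0:
            hits.append(rest)
    return hits


def find_stale_java(entries):
    """Java builds referenced by DPF entries that are older than the newest one seen.

    Heuristic chosen for this example: every build below the newest is a leftover.
    """
    versions = set()
    for kind, rest in entries:
        if kind != "DPF":
            continue
        m = JAVA_CAB.search(rest)
        if m:
            versions.add(tuple(int(x) for x in m.groups()))
    if not versions:
        return []
    newest = max(versions)
    return [f"{a}.{b}.{c}_{d:02d}" for a, b, c, d in sorted(versions) if (a, b, c, d) < newest]


def triage(text):
    """Run all three checks and return the findings keyed by check name."""
    entries = parse_report(text)
    return {
        "orphaned_bhos": find_orphaned_bhos(entries),
        "uac_weakened": find_uac_weakening(entries),
        "stale_java": find_stale_java(entries),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_REPORT).items():
        print(f"{check}: {hits if hits else 'none'}")
```

Run it against the section of a log between the "Pseudo HJT Report" and "SERVICES / DRIVERS" headers. Orphaned BHO entries are usually harmless remnants of an uninstall, which is consistent with the helper's reading of this log, but they are the first place a rogue's leftover CLSID shows up, so they belong on the list to review rather than on the list to ignore.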
#6
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,767
OS: 2000 Pro; XP Pro; XP Home
Re: Antivirus 360
Still need help on this?
#7
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,767
OS: 2000 Pro; XP Pro; XP Home
Re: Antivirus 360
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help