
Solve : Computer Virus Help?


Hi,
My computer once again is acting like it has a big problem. I have noticed that when I start Windows and run just about any program at any time, the system is slower. Online browsing is delayed, and often crashes.


I.
I have tried to resolve this problem by

1) Running evilfantasy's guide of
-CCleaner
-SAS
-ESET Online
-Java
-HiJack this

2) I tried to as well run
-Symantec Anti-Virus
-Ad-Aware
-Spybot Search and Destroy
-eWido


II.
However, there are some problems.
1) Symantec shows the same VIRUSES nightly.
2) Ad-Aware no longer works, it keeps freezing.
3) Spybot Search and Destroy shows no problems in contrast to AVG spyware.
4) eWido says errors.
5) All of these were run BEFORE evilfantasy's guide


III.
I wanted to know why these problems are occurring.
1) What is wrong with my computer.
2) Why Symantec shows the same viruses, why Ad-Aware is not working, why eWido is not working, and Spybot not detecting.
3) If I should drop, remove, or redo some programs and simply keep ONLY what evilfantasy's guide says to use.
4) I have posted all logs, they would not attach.
5) I did delete Windows Defender, which was on my Add/Remove Programs (is that a bad program?)
-I also notice PURE NETWORKS PORT MAGIC.
-Should I delete this?
6) I also have combo fix and fsbl if anything needs help in those areas.



Thanks!

SAS Log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2007 at 04:29 PM

Application Version : 3.9.1008

Core Rules Database Version : 3365
Trace Rules Database Version: 1364

Scan type : Complete Scan
Total Scan Time : 01:12:04

Memory items scanned : 395
Memory threats detected : 0
Registry items scanned : 5326
Registry threats detected : 1
File items scanned : 38722
File threats detected : 28

Adware.Tracking Cookie
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][1].txt
C:\Documents and Settings\All Family\Cookies\all [emailprotected][1].txt
C:\Documents and Settings\All Family\Cookies\all [emailprotected][2].txt
C:\Documents and Settings\All Family\Cookies\all [emailprotected][1].txt
C:\Documents and Settings\All Family\Cookies\all [emailprotected][1].txt
C:\Documents and Settings\All Family\Cookies\all [emailprotected][2].txt
C:\Documents and Settings\All Family\Cookies\all [emailprotected][1].txt
C:\Documents and Settings\All Family\Cookies\all [emailprotected][2].txt
C:\Documents and Settings\All Family\Cookies\all [emailprotected][2].txt
C:\Documents and Settings\All Family\Cookies\[emailprotected][1].txt
C:\Documents and Settings\All Family\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Trent Berger\Cookies\[emailprotected][1].txt

Adware.MyWay
C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT
C:\Program Files\MyWay\SrchAstt\1.bin
C:\Program Files\MyWay\SrchAstt\Cache\00048C7D
C:\Program Files\MyWay\SrchAstt\Cache\0006A441
C:\Program Files\MyWay\SrchAstt\Cache\0074A62E
C:\Program Files\MyWay\SrchAstt\Cache\files.ini
C:\Program Files\MyWay\SrchAstt\Cache
C:\Program Files\MyWay\SrchAstt
C:\Program Files\MyWay

Trojan.WinAntiSpyware 2007
HKU\S-1-5-21-484763869-630328440-725345543-1003\Software\WinAntiSpyware 2007



ESET Log
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2741 (20071221)
# vers_arch_module=1.059 (20071108)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=6df5535ff4342e45bc0ad7ecdcc9370f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2007-12-21 10:51:40
# local_time=2007-12-21 05:51:40 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=147690
# found=3
# scan_time=2449
C:\AOL Instant Messenger\AIM.exe	Win32/Adware.WBug.A application (deleted)	00000000000000000000000000000000
C:\AOL Instant Messenger\AIM.exe »WISE »WxBug.EXE	Win32/Adware.WBug.A application (error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\AOL Instant Messenger\AIM.exe »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll	Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000

Hi Jack This Log
Logfile of HijackThis v1.99.1
Scan saved at 5:58:59 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Documents and Settings\Trent Berger\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec CORPORATION - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN TRAY Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Your HJT log is fairly clean...

1. Print this post out, since you won't have access to it at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

- O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

- O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

4. Click on "Fix checked" button.

------------------------------------------------------------------------------------

Quote

Symantec shows the same viruses nightly.
Can you write the names down, and post them back here?

We also need your computer specs...
- processor speed
- hard drive size/how much free space
- how much RAM?

1) I ran a scan of Symantec.
It came up with TWO different viruses this time.

They are:


Jvmusafe.jar-6ba32b3f-74e517da.zip
Status: Still contains one infected item
Action taken: Quarantined



Scan type: Manual Scan
Event: Threat Found!
Threat: Downloader
File: C:\Documents and Settings\Trent Berger\.jpi_cache\jar\1.0\jvmusafe.jar-6ba32b3f-74e517da.zip>>vmain.class
Location: Quarantine
Computer: TRENT-31A63E0D1
User: Trent Berger
Action taken: Quarantine succeeded
Date found: Friday, December 21, 2007 10:37:42 PM


-Are these now taken care of or is there more I have to do?


2) How do I find out the computer specs
-Processor Speed
-Hard drive/Free Space
-RAM

3) What should I do about
-Ad Aware
-Spybot
-eWido
-AVG

-Should I delete and just use SAS, ESET?

Thanks!

1. Two messages from Symantec are about ONE file: Jvmusafe.jar-6ba32b3f-74e517da.zip
It was taken care of (Quarantined), so you're done.

2. Get BgInfo: http://technet.microsoft.com/en-us/sysinternals/bb897557.aspx

3. You may have only ONE firewall, and ONE antivirus, and this is exactly what you have: Norton, in both cases.
As for other antimalware programs (Spybot, Ad-aware, etc.), and on-line antivirus scanners, you may have as many as you want.

I downloaded it.
Am I fine then?

Your computer is clean. How is it now? Faster? Crashes?
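
Added example (not part of the original thread, and not HijackThis's own code): step 3 of the cleanup instructions above selects entries whose target is reported as "(no file)". The Python sketch below parses HijackThis-style entry lines and groups such orphaned entries by CLSID, so one leftover component registered under several sections shows up once. The sample is an excerpt of the log posted above, the function names are hypothetical, and a missing file marks a candidate for review, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Entry lines look like "O9 - ..."; headers and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks a registry entry whose target is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return one dict per entry line: section code, CLSID (if any), orphan marker."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank line, header, or running-process path
        clsid = CLSID_RE.search(m.group("body"))
        orphan = ORPHAN_RE.search(m.group("body"))
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
            "line": line,
        })
    return entries


def orphans_by_clsid(entries):
    """Group orphaned entries by CLSID; entries without a CLSID are keyed by their line."""
    grouped = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            grouped[e["clsid"] or e["line"]].append(e["section"])
    return dict(grouped)


if __name__ == "__main__":
    for key, sections in orphans_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(sections, key)
```

On the excerpt, the CLSID {4982D40A-C53B-4615-B15B-B5B5E98D167C} is reported under O3 and twice under O9, which are the three entries selected in step 3.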

