
Thread: Residual spyware


  1. #1
    Join Date: Jul 2008 | Posts: 3
    Thanks for the quick reply.

    I have to leave very soon, so just to clear things up before I go:

    Yes, actually I do have one of my old logs; I'm posting the very first Malwarebytes' Anti-Malware scan that I did. I believe it had something to do with "Antivirus XP 2008". It was rather nasty.

    As... for the others I don't have their logs. MB-AM pretty much cleaned it all up, though.

    I'll get an anti-virus program in the meantime; before I had SBC Yahoo!'s online protection program, but those applications caused some problems so I ended up removing them. Since my brother never seemed to have any problems without it, I figured I was okay (I guess not).

    My Windows' firewall was momentarily disabled so I could get DSS working; no worries, I have it on, now.

    And... the ESET scanner log is the "log.txt", but now that I've opened it, it doesn't seem like it's really... helpful. Should I do another scan?

    Thanks again, I'll get back to you as soon as I can.
    Kevin
    Attached Files
    Last edited by kevinH169; 07-21-2008 at 12:45 AM. Reason: forgot to attach file

  2. #2
    Join Date: Aug 2006 | Location: The Middle | Age: 80 | Posts: 4,079
    You do show PORTIONS of an old Norton program running on the computer but it looks as though some of it has been removed and therefore it wouldn't be doing its job. It doesn't seem to be in the Uninstall list anywhere. Do you recall it being on the computer?
    Do a file search for all files named Symantec and also Norton and see if you find any. If so, delete them all.


    Couple of things you really need to do;
    First of all, download Combofix to the desktop.
    Open Notepad and copy/paste the text in the below quote box into it:
    KILLALL::

    Folder::

    C:\WINDOWS\system32\jbfsyl.dll
    C:\WINDOWS\system32\hjdvbixv.dll
    C:\WINDOWS\system32\fjjbnwxs.dll
    C:\WINDOWS\system32\vapfeolp.dll
    C:\WINDOWS\system32\fcccbxyV.dl
    C:\WINDOWS\system32\fjjbnwxs.dll
    C:\WINDOWS\system32\wvUkJdBr.dll
    C:\WINDOWS\system32\fcccbxyV.dll
    C:\WINDOWS\system32\uoyzsydz.exe
    C:\WINDOWS\portsv.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LSA Shellu=C:\Documents and Settings\Ha\lsass.exe

    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Next run HJT again and place a checkmark next to the following if they exist;
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.1.7:8080

    O1 - Hosts: 89.149.226.178 wiki.d-addicts.com

    O2 - BHO: {7b1a4d4c-6784-958a-edc4-983bce2fde9c} - {c9edf2ec-b389-4cde-a859-4876c4d4a1b7} - C:\WINDOWS\system32\jbfsyl.dll

    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Ha\lsass.exe

    Once you have placed the checkmarks then click the Fix Checked button.
    Exit HJT.
    Reboot the computer and run HJT again. Save the scan log and post back here with the Combofix log and the new HJT log.
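
The HijackThis entries singled out in the post above share a few recognisable patterns: a system process name started from a user profile folder, a hosts-file redirect, a proxy setting, and a browser helper object with no readable name. The following is an added example, not part of the original thread or of any tool named in it, that checks log lines for those patterns; the `SYSTEM_NAMES` list and the heuristics are assumptions of this sketch, and the last two sample lines are constructed.

```python
import ntpath
import re

# Illustrative short list (an assumption of this example): core Windows
# processes whose real binaries live only in C:\WINDOWS\system32.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"
GUID = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")

def exe_path(command):
    """Extract the program path from a Run command line, quoted or not."""
    m = (re.match(r'\s*"([^"]+)"', command)
         or re.match(r"\s*(.+?\.(?:exe|dll|com|bat))\b", command, re.I))
    return m.group(1) if m else command.strip()

def triage(line):
    """Return the reasons a HijackThis-style log line deserves a closer look."""
    line, reasons = line.strip(), []
    m = re.match(r"O4 - .*?Run: \[(.+?)\] (.+)", line)
    if m:
        path = exe_path(m.group(2)).lower()
        if ntpath.basename(path) in SYSTEM_NAMES and ntpath.dirname(path) != SYSTEM_DIR:
            reasons.append("system process name outside system32")
    m = re.match(r"O1 - Hosts: (\S+) (\S+)", line)
    if m and m.group(1) not in ("127.0.0.1", "::1"):
        reasons.append("hosts file redirects " + m.group(2))
    m = re.match(r"R[01] - .*,ProxyServer = (\S+)", line)
    if m:
        reasons.append("proxy set to " + m.group(1))
    m = re.match(r"O2 - BHO: (.+?) - (\{.+?\}) - (.+)", line)
    if m and (GUID.match(m.group(1)) or m.group(1) == "(no name)"):
        reasons.append("BHO without a readable name")
    return reasons

# The first four lines are quoted from the thread; the last two are constructed.
SAMPLE = [
    r"O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Ha\lsass.exe",
    r"O1 - Hosts: 89.149.226.178 wiki.d-addicts.com",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.1.7:8080",
    r"O2 - BHO: {7b1a4d4c-6784-958a-edc4-983bce2fde9c} - {c9edf2ec-b389-4cde-a859-4876c4d4a1b7} - C:\WINDOWS\system32\jbfsyl.dll",
    r'O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /min',
    r"O1 - Hosts: 127.0.0.1 localhost",
]

def review(lines):
    """Map each flagged line to its reasons; clean lines are left out."""
    return {l: r for l in lines if (r := triage(l))}

if __name__ == "__main__":
    for line, why in review(SAMPLE).items():
        print("; ".join(why), "<-", line)
```

A flag from this check is a prompt to inspect the entry, not a verdict: a proxy or hosts entry can be legitimate on a managed network.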

  3. #3
    Join Date: Jul 2008 | Posts: 3
    The old anti-virus was Symantec, I believe, and it came with SBC! Yahoo Online Protection; I removed it a few days ago. Don't think there's any of it left.

    Thanks for the help! I really appreciate it.
    Attached Files

  4. #4
    Join Date: Aug 2006 | Location: The Middle | Age: 80 | Posts: 4,079
    Quote: Originally posted by kevinH169
    The old anti-virus was Symantec, I believe, and it came with SBC! Yahoo Online Protection; I removed it a few days ago. Don't think there's any of it left.

    Thanks for the help! I really appreciate it.

    There are STILL Symantec files on the computer, as shown by the logs listed in the following places;
    Running processes:
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    StartUp Programs;
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    Services:
    Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    I see that you installed AVG8 antivirus, that is good BUT you have to get those remaining pieces of Symantec OFF the system as it can interfere with the new AVG 8 and slow the system.
    They appear to be located in C:\Program Files\Common Files\Symantec Shared\
    I will read the rest of your logs and get back with you on those.
    Judy
