Full Version: Hijack This Log Analysis Trojan identified
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
piricyn
A little background for you (since this is the first time I have done this, I am not sure everything I have to say is relevant, so bear with me).

I had another Trojan on my laptop (identified by Spy Doctor) and presumably quarantined. As well, my ISP has a Norton Anti-Spy program as part of their package, that also identified other issues and quarantined them. Their email program runs through Yahoo.

However, I continued to have issues and both these programs were causing so many page faults, I disabled both of them. I also downloaded Avira through your site and thought my problems were solved and continued to get error messages related to Avira, so I uninstalled it.

I also use CCleaner and find it extremely useful (I have backups from them if you require them). Having said that, I see entries in the registry that have no active programs, e.g. Panda Software, Online scan, and am not sure why they are not being cleaned.

Also, in system start up, there is a blank line referring to software\microsoft\windows\current version\run (I also disabled this and have a screen shot if you would like to see it).

I have been plagued with issues for the last month and it all seemed to start after I downloaded some new printer and mouse drivers and Windows signature checking process popped up and asked for a XP Professional CD, which I inserted into the drive (not realising that this was a CD my daughter had from work - this was her laptop and she worked from home quite often) and because this laptop is an OEM installation, there is no CD for this purpose. I could not back out of the process and had to accept the drivers despite the warning message. After much research I discovered that when an OEM setup is done, the OWNER account is not removed and will show as Unknown User, and that Microsoft had fixed that in their SP2. Obviously this is an ongoing issue, because I was able to request a hotfix for this (which I am not sure worked, as I do not know if this unknown user is the Trojan identified by BitDefender or the original owner account). I also requested a hotfix for USER32.dll, as it was showing up in the Sysinternal processes with many problematic entries. Neither of these fixes seemed to resolve my issues.

I am also doing an online course (Sage Accpac), accessed through a program launch resident on my laptop, called Embanet and have imported .csv files from there and I recently read (on ZDNet) that there is an issue with Excel that Microsoft has not patched yet. I have Office 2007, but the .csv files are in 2003 versions.

http://blogs.zdnet.com/security/?p=814&tag=nl.e539

As I said in my first sentence, I am not sure if any of this is relevant to the infection I have now, but I thought you should be aware of all of the above.

I hope the foregoing is helpful (not annoying to you) and that you can help me with my issues. Glad there are people like you to combat others who are quite the opposite.

Thank you.

P.S. When I tried to include the BitDefender txt I received the message "Upload failed. Please ask the administrator to check the settings and permissions". I tried this three times. Since I am the administrator (only user, besides the Trojan), I do not understand why this message occurred. I was able to attach the other logs and they are all saved as .txt to the desktop. Please let me know what to do.

P.P.S. After reading some of the posts on these issues, I thought I should mention that Microsoft has verified that both my XP and Office are Genuine products and I am able to use their site for updates.
askey127
piricyn:
Sorry for the long delay in answering.
If you still need help, please proceed as follows:
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
Perform the Download for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here. Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish

-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
(Do not use the Registry block to clean anything with this program. It is for experts only and it is risky.)
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
Please download the Installer and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it: Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp


Please Post the contents of CCleaner's install.txt and the Malwarebytes log.
It's better if you just paste the logs' contents into the reply, rather than attaching them.

askey127
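As an added example (not from askey127 or anyone in this thread), the PowerShell script below lists the Run/RunOnce autostart entries that CCleaner's startup tool shows, and flags the two things a helper would ask about: an entry with a blank name or blank command, like the blank Run line the original poster mentioned, and a command whose target file no longer exists (typically a component that was quarantined or removed). It assumes Windows with PowerShell 3.0 or later (newer than the XP laptop in the thread); the output file name autoruns.txt and the helper function names are my own choices.

```powershell
# Added example, not from the forum thread. Enumerate the per-machine and
# per-user Run/RunOnce keys and flag blank or dangling entries.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath {
    # Pull the program out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" /tray   or   C:\foo\foo.exe -x
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Test-TargetExists {
    # A bare file name (e.g. rundll32.exe) is resolved through PATH as the
    # shell would; anything with a directory separator is checked literally.
    param([string]$Exe)
    $Expanded = [Environment]::ExpandEnvironmentVariables($Exe)
    if ($Expanded -match '[\\/]') { return (Test-Path -LiteralPath $Expanded) }
    return [bool](Get-Command $Expanded -ErrorAction SilentlyContinue)
}

$Report = foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Item = Get-Item $Key
    # GetValueNames() returns "" for the key's (default) value when it is set,
    # which is what shows up as a nameless line in startup listings.
    foreach ($Name in $Item.GetValueNames()) {
        $Cmd   = [string]$Item.GetValue($Name)
        $Flags = @()
        if ([string]::IsNullOrWhiteSpace($Name)) { $Flags += 'BLANK-NAME' }
        if ([string]::IsNullOrWhiteSpace($Cmd))  { $Flags += 'BLANK-COMMAND' }
        elseif (-not (Test-TargetExists (Get-ExecutablePath $Cmd))) { $Flags += 'TARGET-MISSING' }
        [pscustomobject]@{
            Key     = $Key
            Name    = if ($Name) { $Name } else { '(default)' }
            Command = $Cmd
            Flags   = ($Flags -join ',')
        }
    }
}

# Save next to CCleaner's install.txt so both can be pasted into a reply.
$Out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'autoruns.txt'
$Report | Format-Table -AutoSize | Out-String -Width 200 | Set-Content $Out
$Report | Where-Object Flags | Format-Table -AutoSize   # show only flagged entries on screen
```

The full listing goes to autoruns.txt on the Desktop; only the flagged entries are printed, and a TARGET-MISSING entry whose file was quarantined by a scanner can simply be deleted from the key once the scan log confirms what it was.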

piricyn
QUOTE (askey127 @ Mar 11 2008, 12:05 AM) *
Thanks for your response. I did most of what you have suggested here (using resources from other sites) and nothing has been resolved. However, since I contacted you, I have had Microsoft on my laptop to try to resolve some issues. They are stymied and suggested I do a complete system recovery. They basically rebuilt WINDOWS XP SP2 and could not overcome my inability to use their Windows Defender or Automatic updates (I was able to use both of these until recently and am still able to download updates manually).

At this time, I am so behind in my online courses, I must put everything else on hold and will proceed with a reinstall when I am able to. I only need to connect to their site to send in assignments and am keeping my presence on the net minimal.

I recognise that there are many "nasties" out there who want to compromise others and I do appreciate the fact that groups like yours do their best to combat them. Thank you.
