Hi artisticmind
Firstly follow DavidR's advise and see if we can identify the infection so to get some idea of what is the current state of play with malware threat. This will give us a bit of time to assess the next course of action. In the meantime what follows is an optional course of action, which you could undertake - or perhaps consider while other forum members might like to contribute second opinion on the situation.
If you want we can tidy up a bit to make things easier for removal work that may need to be done later. It would appear that the virus on yr system was originally identified as follows - and some of the removal work has since been underway, initially by Malwarebytes --
Malware by name exe.exe -
http://www.threatexpert.com/report.aspx?md5=dbd276f428069d37532f9697eb864ca91. You should run Norton /Symantec uninstaller tool(s) just so avast has a bit more freedom to perform to its best without false positives
- you had Norton Internet Security 2009, plus a Symantec Endpoint Protection product, I guess as trial that you did not activate
- so I dont think it would hurt to run the uninstaller tool(s)
It possible if i go back through my paperwork there was a trial of norton or something that came with the netbook that i never activated, not a fan of norton...
Here is the trace in yr OTL log --
= Win32 Services (Safelist) =
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
= Driver Services (SafeList) =
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
To sort these out, go to this page
http://uninstallers.blogspot.com and download both Norton / Symantec uninstaller tools.
Or (a bit harder) Symantec product -
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007080209280848?Open&seg=ent(Likewise)
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_USYou will be wanting to boot into Safe Mode and run these uninstaller tools, but before you do that you can download HijackThis as well (if not done so already) so that you can also run an overview scan while you are in Safe Mode and do a bit of tidying up in preparation for any more serious removal work that needs to be done. Ultimately, you can run OTL again and just see how much damage still remains on yr system.
2. When you run the HijackThis scan, there are the entries you will look to fix. Click here – (will take direct to HjT download)
http://www.filehippo.com/download_hijackthis/download/8571e06e5eb8ab03c649f3b5d647c599/Run in Safe Mode. To fix an entry put a check in the box next to the entry and then click Fix checked tab down left corner of screen
Or you can post the log to the forum first, before taking action, if that is what you prefer
Fix the following --
O4 - HKLM..\Run: [Psurogaje] C:\WINDOWS\eqesabam.DLL File not found
O4 - HKCU..\Run: [Predujehoko] C:\WINDOWS\otalibc.DLL File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
The Java program on yr system looks a bit mess about - may pay to check for any damaged entries in Downloaded Program Files
Start -> Control Panel -> Internet Options -> General -> (Browsing history) Settings -> Objects, and check for anything with (damaged)
Reply post if any damage
Back to Java entries in HjT - this Plug-in is out of date
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
and this Plug-in is a double entry
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
this Plug-in is a good entry
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
However java has only now just been updated
- rather than use Fix checked just now, may pay to uninstall all existing java and re-install latest version (can do now or later)
Likewise some mess about with Adobe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
Check what you have for Adobe in Control Panel - would not hurt to uninstall all existing, then go to Adobe download page
http://www.adobe.com/downloads/ and only install Flash Player and Shockwave, for the time being while the malware issues are being attended to (And as with Java, dont have to do this now if dont want - can do now or later)
3. Run the OTL scan again to bring us up to date.
