Can't get rid of w32myzor

kdesign

Two days ago I downloaded a video file from a friend. It had a trojan attached...w32myzor, I think. I've run Norton, SpyHunter, AVG, and SUPERAntiSpyware. Everyday Norton's history shows that it has blocked attempts by another computer to access mine.

Here are the symptoms I got rid of and no longer have:
-Weird toolbar
-a new fake security-site homepage
-had many alerts to malware and spyware
-had a yellow triangle with an "exclamation point" alert in my small icons at bottom of desktop

Here are the symptoms I'm still having trouble with:
-cursor sometimes moves to the wrong place when I'm trying to type
-when searching online, I'm sometimes redirected to a music, video, or security site through "searchontop"
-When I've been redirected to a wrong site (listed above), I can't backtrack to my previous website or search engine.
-In an e-mail link to Facebook, I was given a message that it couldn't find the file. But, it worked after the second try.

I've included my HJT file for you to analyze. It is from yesterday. I can't get HJT to open up today. A message keeps saying that it is already running. HJT is not listed in the Task Manager as running though. I also had to take out the URLs listed as this is my first time posting on this site.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:44 AM, on 12/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIAEA.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0:0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus CX4200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /FU "C:\Windows\TEMP\E_S595A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6964 bytes


Also, should I not be going to personal banking sites or using my credit card until I get this fixed? I'm not sure how much this virus can do.

I want to thank you all in advance for trying to help me!
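As an added example (not part of this thread and not HijackThis's own code), a small Python parser for the HJT log format posted above: it turns each "Oxx - ..." line into a record and flags the entries an analyst would verify first. The sample lines are copied from the log above; the three triage rules are my assumptions about what to check first, not rules HijackThis itself applies.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0:0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HJT entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_hjt(text):
    """Turn log text into dicts with code, body, clsid and file path.
    Header, 'Running processes' and footer lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        # Fields are separated by " - "; the file path, when present, is the last field
        # (for O4 entries it follows the "[name] " prefix).
        last = body.split(" - ")[-1].strip()
        path = last.split("] ", 1)[-1] if ":\\" in last else None
        clsid = CLSID_RE.search(body)
        entries.append({"code": m.group("code"), "body": body,
                        "clsid": clsid.group(0) if clsid else None, "path": path})
    return entries

def triage(entries):
    """Assumed first-pass rules: services whose publisher HJT could not identify,
    a proxy configured in IE, and DLLs injected into every process via AppInit_DLLs."""
    findings = []
    for e in entries:
        if e["code"] == "O23" and "Unknown owner" in e["body"]:
            findings.append({**e, "reason": "service with Unknown owner: confirm the binary's publisher"})
        elif e["code"] == "R1" and "ProxyServer" in e["body"]:
            findings.append({**e, "reason": "IE proxy server set: confirm it was configured deliberately"})
        elif e["code"] == "O20" and e["body"].startswith("AppInit_DLLs:") and e["body"].split(":", 1)[1].strip():
            findings.append({**e, "reason": "AppInit_DLLs loads this DLL into every GUI process: confirm its owner"})
    return findings

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f['code']}: {f['reason']}\n    {f['body']}")
```

Feed the whole log to parse_hjt() and the entries with a clsid can be looked up against a vendor's own documentation before anything is removed; a flag here means "verify", not "malicious".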
 
When you ran the various scanners, what were the results? What infections did they mention? Try running the scanners again.
 
I made a huge mistake of not writing any of it down. I have never dealt with viruses before. Norton and AVG came up with nothing but cookies, I believe. Spyhunter found some things and deleted them. That's what got rid of all of the major symptoms. Yesterday a rootkit (?) was deleted through SUPERAntiSpyware. I have run each of these programs at least twice. Nothing but cookies comes up now. Should I run each of them a third time or try something new?
 
Something new. Your next step is to double-check that System Restore is disabled, download and install Malwarebytes Anti-Malware, update it, and then reboot into safe mode to run a full system scan.

If you're still having problems after that, or if there are locked files it cannot delete, you've got a rootkit.
 
I will do that today. Thanks for the advice! I'll get back to you all in a few hours with the results. Keeping my fingers crossed!
 
Why oh why are you guys feeding the LUSERS? Dammit, this is the ONLY place on the net a tech can go to get away from end users and their endless requests. Could we not keep it that way please? There are dozens of excellent forums catering to LUSERS and their problems. Why does Technibble need to be just another LUSER forum when it can be the premier tech-only forum on the net?

Am I alone in thinking this way? I don't think so. For instance, this lady joins, double-posts her problem, posts a HJT log without so much as a by-your-leave and while she is polite and obviously reasonably clued in, as soon as this problem is solved she'll be gone. That's no way to build a community. There are forums for this crap. I don't believe that this should be one of them.

This is far from the first time this has come up. Some Leadership, Bryce, please!! It is your site after all.
 
Rider, why should I move on? I invest as much time and effort in keeping this forum active as the next user. If I have an opinion, I'll post it, much as you have done.
 
Sorry that I have upset you. I only joined to post about my computer problem because of what the homepage states:

"What is Technibble? Technibble is a resource for computer technicians who are looking to start their own computer business or improve their existing one. Technibble also helps the 'average joe' home computer user through our how-to articles and computer help forums."

You are right in that I am wanting to find an answer to my problem and probably won't stay a part of this community indefinitely. I will also go to the site you suggested so as to not bother you.

I really do appreciate those of you who have been trying to help me. You are wonderful!
 
kdesign, you haven't upset me at all. You're just trying to get your computer working. This is an issue I have with the site in general. It is currently falling between two stools - that of a professionals-only site on one hand and that of an end-user help site on the other. I personally think it should go the professional only route. There are plenty of open technical forums already.
 
Aye, this is why I asked if kdesign is a tech. Kdesign did mention wanting to learn about PCs, so I pointed in the right direction. I will have to agree with seedubya: this is a site for techs or aspiring techs to get help when we get stuck, not for the end user, as there are many sites out there already dedicated to that.
 
Technibble also helps the 'average joe' home computer user through our how-to articles and computer help forums."

She does have a point; it says this right on the home page... Perhaps there should be an "Average Joe" section where anyone can post and a "Professionals Only" section where only the techs post.

That way if techs don't want to read through the beginner stuff they can stick to the Professional Only discussions.

My 2 cents...

EP
 
I would love for a way to distinguish the two, and I would prefer this be a place to learn and share, not just a place to find and get answers. I do view this place as more for the professionals, mostly due to the crowd, but I welcome new people; I just want people who want to learn about it, not just get their issue fixed.
 