XP Antivirus :(
Join Date: Aug 2008
Posts: 7
Reputation:
Solved Threads: 0
I've been through so many forum topics in the past 24 hours, all over the internet. Spybot S&D, etc. etc. etc.... except for I contracted a severe strain of this virus which does not even let me download .exe's!
You've probably heard of XP Antivirus before.
So I went on another computer on my home network, downloaded several .exe's there, moved them to my computer, and finally got a Spybot scan to run. 6 entries found for XPAntivirus 2008 and fixed without hassle. Used a "Move on Boot" tool to clear out the folder in Program Files, and cleared the registry as well as a hidden little .exe in system32.
I'm still having problems with browsing the internet however... Google search redirects to bogus pages (now go.google.com/?* gives me a 403 error, which is a little better). It's also extremely slow and some font sizes are strange. I've been able to get on google using http://sureproxy.com. Odd font sizes, slow browsing, and problems with scripts (as well as problems with local clients that access the internet) are still giving me loads of issues though.
Here are the diagnostics you guys need:
Windows Malicious Software tool finds nothing.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:46 PM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Pidgin\pidgin.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\greenshot\Greenshot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows-kb890830-v2.1.exe
c:\6e6731600b6584fcc28c4f85a543a3\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Greenshot.lnk = C:\greenshot\Greenshot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201301464241
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201301561538
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 10294 bytes

Uninstall_list.txt (HijackThis):
Adobe Flash Player Plugin Adobe Reader 7.0.5 Adobe Shockwave Player AOL Coach Version 2.0(Build:20041026.5 en) Apple Mobile Device Support Apple Software Update ASIO4ALL Audacity 1.2.4 avast! Antivirus AVS Video Converter 6 AVS4YOU Software Navigator 1.2 BitComet 0.70 Bluetooth Stack for Windows by Toshiba Bonjour CD/DVD Drive Acoustic Silencer Civilization IV - Warlords Collab Compatibility Pack for the 2007 Office system Dawn of War - Dark Crusade DawnOfWar Dev-C++ 5 beta 9 release (4.9.9.2) DivX Codec DivX Converter DivX Player DivX Web Player DVD-RAM Driver DVDx FileZilla Client 3.0.10 Finale NotePad 2008 FL Studio 8 FL Studio v7.0 Freelancer GiPo@MoveOnBoot 1.9.5 Google Earth Google Toolbar for Internet Explorer GTK+ Runtime 2.12.1 rev b (remove only) High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB893357) Hotfix for Windows XP (KB894871) Hotfix for Windows XP (KB895200) Hotfix for Windows XP (KB896256) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB935448) Hotfix for Windows XP (KB952287) Hydrogen IL Download Manager Intel(R) PRO Network Connections Drivers Intel(R) PROSet/Wireless Software InterVideo WinDVD Creator 2 InterVideo WinDVD for TOSHIBA iTunes J2SE Runtime Environment 5.0 Update 4 LapLink USB Network cable adapter LG USB Drivers LimeWire 4.12.6 LinPlug SaxLab LiveUpdate 3.0 (Symantec Corporation) Macromedia Flash Player 8 Magic Workstation 0.94f Malwarebytes' Anti-Malware mCore mDrWiFi Metamail (Toshiba Registration Utility) mHelp Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server Compact 3.5 Design Tools 
ENU Microsoft SQL Server Compact 3.5 ENU Microsoft Visual Basic 2008 Express Edition - ENU Microsoft Visual Basic 2008 Express Edition - ENU Microsoft Visual C++ 2005 Redistributable Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 mIWA mLogView mMHouse Mono for Windows 1.9.1 Mozilla Firefox (2.0.0.16) mPfMgr mPfWiz mProSafe MSDN Library for Microsoft Visual Studio 2008 Express Editions MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) mWlsSafe mXML mZConfig Notepad++ NVIDIA Drivers Office 2003 Trial Assistant Pidgin Pinnacle VideoSpin PoiZone Project64 1.6 QuickTime RealPlayer Realtek AC'97 Audio Realtek High Definition Audio Driver sat_screensaver_30mb SD Secure Module Sea3D Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) 
Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for 
Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944338) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Sibelius Scorch Sid Meier's Civilization 4 Skype™ 3.8 SmartFTP Client 2.0 SmartFTP Client 2.0 Setup Files (remove only) Software Suite Sonic DLA Sonic RecordNow! Steam Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. 
TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Controls TOSHIBA Hotkey Utility TOSHIBA PC Diagnostic Tool TOSHIBA Power Saver TOSHIBA SD Memory Card Format TOSHIBA Software Modem TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA TouchPad ON/Off Utility TOSHIBA Utilities TOSHIBA Virtual Sound TOSHIBA Zooming Utility Toxic Biohazard Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB912945) Update for Windows XP (KB916595) Update for Windows XP (KB920342) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) Update for Windows XP (KB951072-v2) Viewpoint Media Player VOB2MPG 2.5 VST Bridge 1.0 Winamp (remove only) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB884018 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893056 winLAME prerelease4 WinRAR archiver Xfire (remove only)
Malwarebytes is still running but I highly doubt it'll find anything, I've run it already. I will post logs up when the current thorough scan is complete if they help. I'm posting this as well from a different computer as the virus is not permitting the entry form for posting a new thread to submit.
Join Date: Aug 2008
Posts: 7
Reputation:
Solved Threads: 0
Malwarebytes found 26 items - have not taken action on any of these items as of yet
Malwarebytes' Anti-Malware 1.25
Database version: 1092
Windows 5.1.2600 Service Pack 2

2:21:38 PM 8/28/2008
mbam-log-08-28-2008 (14-21-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168691
Time elapsed: 54 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Files Infected:
C:\WINDOWS\system32\blphc7sfj0eg4n.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\clbcat.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\phc7sfj0eg4n.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphc7sfj0eg4n.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
Re-run the Malwarebytes program again and allow it to fix everything it finds.
Also run the online ESET Scanner and allow it also to fix all it finds. Note* You must use Internet Explorer for the ESET scanner.
Post back here with both logs.
Join Date: Aug 2008
Posts: 7
Reputation:
Solved Threads: 0
As I sit here waiting for scan results I am surprised to say that the problems seem to have vanished upon that first Malwarebytes scan, however, the second scan still has found infection and the TrendMicro scan is not done. I'll follow up shortly, thanks for all the help - hopefully I'm nearly done with this pesky virus.
Join Date: Aug 2008
Posts: 7
Reputation:
Solved Threads: 0
Malwarebytes' Anti-Malware 1.25
Database version: 1092
Windows 5.1.2600 Service Pack 2

2:39:33 PM 8/28/2008
mbam-log-08-28-2008 (14-39-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168691
Time elapsed: 54 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blphc7sfj0eg4n.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbcat.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\phc7sfj0eg4n.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc7sfj0eg4n.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
TrendMicro is stuck at 1 and 1/4 minutes left but hopefully it will give me logs sooner or later.






