EddieP

Members
  • Content count

    3
  • Joined

  • Last visited

About EddieP

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. Malwarebytes' Anti-Malware 1.30 Database version: 1415 Windows 5.1.2600 Service Pack 2 11/21/2008 9:15:04 PM mbam-log-2008-11-21 (21-15-04).txt Scan type: Quick Scan Objects scanned: 58456 Time elapsed: 5 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\TDSSciou.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\TDSSliqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\TDSSnrse.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\TDSSoeqh.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\TDSSpqxt.sys (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS5e8c.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Ed\Local Settings\Temp\TDSS17fd.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\TDSSosvn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS566e.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Ed\Local Settings\Temp\TDSS17ce.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\TDSSproc.log (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully. Logfile of HijackThis v1.99.1 Scan saved at 4:19:04 PM, on 11/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\LxrSII1s.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Tall Emu\Online Armor\oahlp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe G:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1224117195558 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224343451593 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk...ows-i586-jc.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: karna.datw O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: getPlusĀ® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing) O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe The "Pandascan" program wanted me to pay to see results??
  2. Advanced Seup, you are a saviour! I followed your directions and I was able to run ALL scans and it appears I have gotten rid of "antivirus 2009" Thank you so much. I was minutes away from doing a complete re-install of Windows until I checked the forum and found your reply. I am working on posting the logs from the scans as the links states. Thanks so much, Eddie P
  3. HELP! I wasn't sure which forum to pick for this, but I got the "antivirus 2009" bug on my PC and nothing, I mean nothing has been able to get rid of it, INCLUDING Malwarebytes! I downloaded it from a "clean" PC on a flash disk, installed it to the infected PC and it will not run, won't start up/open. The "bug" will not allow me to use any software I've tried nor will it allow me access to any website which might have an online scanner. I'm ready to wipe out Windows and start fresh; please help! EddieP