http://www.dslreports.com/forum/r20299147 en Fri, 25 Jul 2008 14:04:35 EDT Fri, 25 Jul 2008 14:04:35 EDT http://www.dslreports.com/forum/remark,20316666 unhg : I have 3 weeks left before i can good home. My laptop has to last me until i can transfer off some of my files before i can wipe out my OS.]]> http://www.dslreports.com/forum/remark,20316666 Fri, 11 Apr 2008 02:20:07 EDT http://www.dslreports.com/forum/remark,20310604 bcastner : You have XP without any Service Packs, and without any security updates. This is in the main why you become infected. It also explains why your posts in several security Forums about this computer have been ignored.

Most of your infection is using security loopholes long closed by keeping XP up to date.

In addition, at least one of your infections is a file injector, as seen in your AVAST screenshot.

Format all drives and reinstall XP clean. No other cleanup step should be considered. It is time to flatten and reinstall the Operating System.

When done, Enable the firewall; install an Antivirus program, update the antivirus program.

Then head to Windows Update and install at least Service Pack 2 -- or given the timing of matters, the Release Candidate of Service Pack 3. Install every update offered that is listed as "Critical".
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users

]]> http://www.dslreports.com/forum/remark,20310604 Wed, 09 Apr 2008 20:04:26 EDT http://www.dslreports.com/forum/remark,20299160 unhg : »img221.imageshack.us/my.php?imag···pqd5.png

A pic i took from Avast.

Install AVG too and this is a screen from that

»img91.imageshack.us/my.php?image=avgsj8.png

I still have this backdrop virus even tho both detects it.]]> http://www.dslreports.com/forum/remark,20299160 Mon, 07 Apr 2008 20:08:38 EDT http://www.dslreports.com/forum/remark,20299147 unhg : My avast detect both of these but avast keeps popping back up reporting the problem again after i supposely deleted it from avast.
Spybot didn't detect anything at all. All updated too.
HJ Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:49 PM, on 4/7/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\csrss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\NEW\System32\hkcmd.exe
C:\WINDOWS\NEW\TPPALDR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\NEW\System32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\NEW\System32\wbem\wmiprvse.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\ecoli2\Desktop\Freshman paper\Patch\IDMIECC.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\NEW\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\NEW\System32\hkcmd.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\NEW\TPPALDR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\NEW\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\NEW\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\NEW\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\NEW\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Links with IDM - C:\Documents and Settings\ecoli2\Desktop\Freshman paper\Patch\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\ecoli2\Desktop\Freshman paper\Patch\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\NEW\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\NEW\web\related.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe

--
End of file - 4690 bytes]]> http://www.dslreports.com/forum/remark,20299147 Mon, 07 Apr 2008 20:07:10 EDT