Used AV Personal, which DID find 3 TR "av-patch" corrupted system files, and quarantined.
But it seemed the TRs ate through, or another TR invaded, as the program became corrupted and updated with the downloader trojan's filename ending in .gz.
I was alarmed by the extension names whizzing past, as they did not seem correct.
But ran deep full scan.
AVPersonal then turned up 24 warnings in the log stating "could not open file" & "ARCHIVE BOMB".
So I then uninstalled AVPersonal (hopefully including the .gz files downloaded?),
reloaded fresh from existing AVP set-up I still had on desktop, ran AV scan again (withOUT updating), but AVPersonal did not then turn up anything.
Uninstalled AVPersonal, deleted out, and installed Kaspersky AV 7.0.
Kasp found a TR dwnldr file, which I deleted out. Also deleted out the back-up file of same.
Uninstalled Kasp 7.0 AV.
Downloaded Kaspersky Security 7.0 (includes firewall).
Ran scan.
Found nothing at all.
Cannot find the bogies.
I tried then to beef up firewall protection, thinking that this might help nail the rogues, as I was receiving warning messages from Kasp such as, for one, "svchost is trying to embed in another process to access the internet".
And another such warning, TPO or something (warnings about processes using other processes).
So I downloaded ZoneAlarm from filehippo, tried to install, and it bogged down & froze at 25% installed, repeatedly. So I ran CCleaner, and deleted out the set-up for ZA.
I then found vsmon.exe running in start-up processes, and discovered that True Vector (of ZoneAlarm) was running, and that ZA was listed in my "remove programs" from Control Panel.
So I removed ZoneAlarm, even though it was only 25% installed.
NOW, when I go to Control Panel, "remove programs", almost none are listed.
In fact, of the 6 things or so listed, I don't even recognize what some of them are!!
In addition, CCleaner's list is corrupted the same.
In addition, SYSTEM RESTORE is out of commission, will not do a restore.
Not even the restore point I had created just before attempting to install ZA this morning, nor restore to days ago.
Completely nonfunctional, have lost Restore capability.
Tried F8-ing to "last known good config".
But the system has been corrupted; even the Control Panel cannot list installed programs on the add/remove list.
(Also, I cannot find any of the traces of True Vector, to see if I can re-install to ungroup programs, in case TrueVector had seized the programs list.)
Now, on top of all this, when I try to run my A2Squared scanner, it is showing up as Kaspersky scanning. The A2 window is open, but Kasp shows as scanning. If I "pause" in A2Sq, Kaspersky shows as paused.
Both programs seem utterly corrupted.
I have an older version HiJackThis, but am afraid to download newest!
Please advise if I need to, and please advise if you can on any of it!!
Many Thanks!
This affects my income, too... no computer, I'm in tough shape.
Thanks>>
Here is LOG FILE:
Logfile of HijackThis v1.99.1
Scan saved at 12:27:38 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cleveland.cox.net/cci/news
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...od/install.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093828361359
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Edited by leftlane, 11 December 2007 - 12:41 PM.
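As an added example (not part of the poster's message and not HijackThis code): a small Python script that parses HijackThis-format log text of the kind pasted above and applies a few defender-side review heuristics to it: entries whose target file is gone ("(no file)", "(file missing)"), O23 services with no publisher string, and O20/O21 entries, which name DLLs that get loaded into other processes. The sample log embedded in it is a constructed excerpt in the same shape as the post's log; the names parse_hjt_log, triage and process_counts are this example's own, and the rules are review prompts, not verdicts.

```python
"""Minimal parser and review helper for HijackThis-style log text.

Added example; not HijackThis code and not from the forum post.  The
sample log is a constructed excerpt in the shape of the post's log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample (modelled on the shape of the poster's log).
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\hijackthis\\HijackThis.exe
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\\..\\Run: [AVP] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"
O20 - AppInit_DLLs: C:\\PROGRA~1\\KASPER~1\\KASPER~2.0\\adialhk.dll
O20 - Winlogon Notify: klogon - C:\\WINDOWS\\system32\\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe" -r (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\\WINDOWS\\system32\\drivers\\dcfssvc.exe
"""

# HijackThis entries look like "O23 - <body>", "R1 - <body>", etc.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Sections whose DLLs are loaded into other processes (AppInit_DLLs,
# Winlogon Notify, ShellServiceObjectDelayLoad).
INJECTION_SECTIONS = {"O20", "O21"}


@dataclass
class Entry:
    section: str            # e.g. "O23"
    body: str               # text after "O23 - "
    flags: list = field(default_factory=list)


@dataclass
class ParsedLog:
    version: Optional[str]
    platform: Optional[str]
    processes: list         # paths under "Running processes:"
    entries: list           # Entry objects, in log order


def parse_hjt_log(text: str) -> ParsedLog:
    """Split a HijackThis log into header, process list and entries."""
    version = platform = None
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Logfile of HijackThis"):
            version = line.split("HijackThis", 1)[1].strip()
        elif line.startswith("Platform:"):
            platform = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif (m := ENTRY_RE.match(line)):
            in_processes = False          # first entry ends the process list
            entries.append(Entry(m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return ParsedLog(version, platform, processes, entries)


def process_counts(log: ParsedLog) -> dict:
    """Count running processes by file name, case-insensitively.  Several
    svchost.exe instances are normal; duplicates of other binaries are
    worth comparing against what is expected on the machine."""
    counts: dict = {}
    for path in log.processes:
        name = path.rsplit("\\", 1)[-1].lower()
        counts[name] = counts.get(name, 0) + 1
    return counts


def triage(log: ParsedLog) -> list:
    """Attach review reasons to entries and return those that got any."""
    for e in log.entries:
        e.flags = []                       # idempotent on repeated calls
        if "(no file)" in e.body or "(file missing)" in e.body:
            e.flags.append("target file missing: orphaned entry, cleanup candidate")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.flags.append("service has no publisher string: verify the binary")
        if e.section in INJECTION_SECTIONS:
            e.flags.append("DLL loads into other processes: confirm it belongs to installed software")
    return [e for e in log.entries if e.flags]


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    print(f"HijackThis {parsed.version} on {parsed.platform}")
    print("processes:", process_counts(parsed))
    for entry in triage(parsed):
        print(f"{entry.section}: {entry.body}")
        for reason in entry.flags:
            print("   -", reason)
```

Running it on the sample prints the O2 BHO with no file, both O20 entries, and the O23 AVP service (flagged twice: no owner string and a missing file); the O4 Run key, the R1 proxy setting and the Kodak service get no flag. Feeding it a real log is a way to get a short review list out of a long paste, but each flag still has to be checked against what is actually installed on the machine.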