Antivirus Protection
 
  #1  
January 24th, 2011, 08:10 PM
Korpsmann
Trojan causes errors in WinXP display, and other programs

Hi

I've been having a number of issues with my laptop as of late. While not entirely incapacitating, there appears to be a trojan or malware in my system that conventional antivirus programs can't eliminate, and it is causing a number of annoyances, such as causing svchost.exe to sporadically hog huge amounts of CPU and my WinXP taskbar to randomly switch to the "Windows Classic" style and back.

I'll post the few logs I've made that the instructions for this subforum said to do.

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
(URL address blocked: See forum rules)

Database version: 5591

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/24/2011 12:35:11 PM
mbam-log-2011-01-24 (12-35-11).txt

Scan type: Quick scan
Objects scanned: 155306
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\networkservice\application data\wrt7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\owner.your-c37db1d973\application data\wrt7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Quote:
SUPERAntiSpyware Scan Log
(URL address blocked: See forum rules)

Generated 01/24/2011 at 01:57 PM

Application Version : 4.48.1000

Core Rules Database Version : 6264
Trace Rules Database Version: 4076

Scan type : Complete Scan
Total Scan Time : 00:51:02

Memory items scanned : 751
Memory threats detected : 0
Registry items scanned : 6341
Registry threats detected : 0
File items scanned : 26194
File threats detected : 33

Rogue.Palladium
C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\uid_pal

Adware.Tracking Cookie
crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XG6H44GK ]
media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XG6H44GK ]
media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XG6H44GK ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XG6H44GK ]
crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
.2o7.net [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
tracking.gameforge.de [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
(URL address blocked: See forum rules) [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP0\A0000415.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP2\A0001011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP2\A0001012.EXE

Trojan.Agent/Gen-Banker
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0003982.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0003996.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0003997.EXE

Rootkit.Agent/Gen-Trexer
C:\WINDOWS\TEMP\10.TMP
C:\WINDOWS\TEMP\28.TMP
C:\WINDOWS\TEMP\29.TMP
C:\WINDOWS\TEMP\E.TMP


Quote:
BitDefender Online Scanner

Scan report generated at: Mon, Jan 24, 2011 - 17:04:07
Scan path: C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 01:52:25
Files: 575204
Folders: 8761
Boot Sectors: 0
Archives: 16397
Packed Files: 43173

Results
Identified Viruses: 3
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info
Virus Definitions: 6676115
Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)
Scan plugins: 18
Archive plugins: 44
Unpack plugins: 10
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\95027-578-13.dat | Infected with: Gen:Variant.TDss.48
C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\95027-578-13.dat | Deleted
C:\WINDOWS\system32\ersvc9.dll | Infected with: Gen:Variant.Vundo.5
C:\WINDOWS\system32\ersvc9.dll | Deleted
C:\WINDOWS\Temp\10.tmp | Infected with: Trojan.Generic.KDV.116285
C:\WINDOWS\Temp\10.tmp | Deleted
C:\WINDOWS\Temp\13.tmp | Infected with: Trojan.Generic.KDV.116285
C:\WINDOWS\Temp\13.tmp | Delete failed
C:\WINDOWS\Temp\2C.tmp | Infected with: Trojan.Generic.KDV.116285
C:\WINDOWS\Temp\2C.tmp | Deleted
C:\WINDOWS\Temp\2D.tmp | Infected with: Trojan.Generic.KDV.116285
C:\WINDOWS\Temp\2D.tmp | Delete failed


Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:32 PM, on 1/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = (URL address blocked: See forum rules)=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (URL address blocked: See forum rules)=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (URL address blocked: See forum rules)=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (URL address blocked: See forum rules)=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (URL address blocked: See forum rules)=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = (URL address blocked: See forum rules)=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = (URL address blocked: See forum rules)=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Trillian Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.YOUR-C37DB1D973\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Xbegeru] rundll32.exe "C:\WINDOWS\mserpdr.dll",Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - (URL address blocked: See forum rules)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10920 bytes

#2
January 27th, 2011, 04:51 PM
Absnt_Myndd
Same problem

I seem to have the same problem you have. I was wondering if you made any progress in getting rid of this virus. It's very annoying.

#3
February 10th, 2011, 09:47 AM
Aayudh
I guess upgrading with a newer version and scanning is the only solution when you don't know what exactly the solution is.

#4
February 16th, 2011, 05:44 AM
cyberls
Get an upgraded version...this will help you

#5
February 17th, 2011, 04:24 AM
DonR
try using Combofix http://www.combofix.org/
