My computer recently got infected with a strange spyware/malware/virus. I am not sure which one...
Every now and then, there would be unknown processes (mostly starting with "win") in my task manager. I would be able to end those processes, but they would pop up again after a few minutes. And everytime this would happen, some of the applications wouldnt respond. Like Media Player Classic.
I tried Malware Bytes, spybot search and destroy, spyware doctor... but to no avail.
I finally formatted the drive where my OS was located, and did a fresh install of Windows XP. For a few minutes, the computer seems to work fine, and then, I once again have fresh problems. This time, I installed AVG 8.5, and it seems to keep intercepting WIN32/HEUR & WIN32/TANATOS.M virus.
What is shocking is that almost all the files that AVG keeps pulling up are application setup files and other program files. Eg: firefox.exe, googletalk.exe, mplayerc.exe, etc.
So AVG seems to be treating all my application files as virus.
I am not sure what to do. I can do a fresh install, but after doing it once and still having problems, I dont know whether I should try something else first. I have run the usual Malware Bytes. No unknown processes in the task manager, atleast as far as I can see.
I am posting HijackThis Log that i ran. Perhaps this will help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:02 AM, on 4/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\PROGRA~1\AVG\AVG8\avgam.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\igfxtray.exe
H:\WINDOWS\system32\hkcmd.exe
H:\WINDOWS\system32\RunDll32.exe
H:\WINDOWS\system32\dslagent.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\AVG\AVG8\setup.exe
H:\WINDOWS\System32\cmd.exe
H:\WINDOWS\system32\ftp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] H:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] H:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [imapd] "H:\WINDOWS\system32\imapd.exe" -at
O4 - Startup: Spybot - Search & Destroy.lnk = H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1239457208328
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Windows Hosts Controller - Unknown owner - H:\WINDOWS\Fonts\unwise_.exe (file missing)
--
End of file - 4275 bytes
Kindly help me... thanks!