Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

XP Antivirus 2008

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

XP Antivirus 2008

Unread postby Nothavingagoodday » August 14th, 2008, 10:12 am

Hello

My PC has been infected with that annoying XP Virus. Can someone help me remove it?

Many thanks

Catherine
Nothavingagoodday
Active Member
 
Posts: 12
Joined: August 3rd, 2008, 12:09 pm
Advertisement
Register to Remove

Re: XP Antivirus 2008

Unread postby Shaba » August 16th, 2008, 4:56 am

Hi Nothavingagoodday

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: XP Antivirus 2008

Unread postby Nothavingagoodday » August 16th, 2008, 6:42 am

Hello

Log as requested!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:30, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\Windows\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\system32\PROMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1170918074\ee\AOLSoftware.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\HPZipm12.exe
C:\PROGRA~1\AOL9~1.0VR\waol.exe
C:\PROGRA~1\AOL9~1.0VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170918074\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [advap32] "C:\Documents and Settings\LocalService\Application Data\943327918.exe"/r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/ ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/ ... cgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

--
End of file - 12521 bytes
Nothavingagoodday
Active Member
 
Posts: 12
Joined: August 3rd, 2008, 12:09 pm

Re: XP Antivirus 2008

Unread postby Shaba » August 16th, 2008, 6:49 am

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: XP Antivirus 2008

Unread postby Nothavingagoodday » August 17th, 2008, 8:50 am

Hello

I have run the programme that you suggested and I have attached the following log.
Looks like it has worked.

Many thanks for your help

Catherine


SDFix: Version 1.216
Run by Administrator on 17/08/2008 at 13:15

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Administrator\Desktop\SDFix

Checking Services :

Name :
sysrest.sys

Path :
\??\C:\Windows\system32\sysrest.sys

sysrest.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


Checking Files :

Trojan Files Found:

C:\Windows\system32\pphc37gj0eelc.exe - Deleted
C:\Program Files\rhc77gj0eelc\database.dat - Deleted
C:\Program Files\rhc77gj0eelc\license.txt - Deleted
C:\Program Files\rhc77gj0eelc\MFC71.dll - Deleted
C:\Program Files\rhc77gj0eelc\MFC71ENU.DLL - Deleted
C:\Program Files\rhc77gj0eelc\msvcp71.dll - Deleted
C:\Program Files\rhc77gj0eelc\msvcr71.dll - Deleted
C:\Program Files\rhc77gj0eelc\rhc77gj0eelc.exe.local - Deleted
C:\Program Files\rhc77gj0eelc\Uninstall.exe - Deleted
C:\WINDOWS\SYSTEM32\PPHC37~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PHC37G~1.BMP - Deleted
C:\Windows\system32\blphc37gj0eelc.scr - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\971706~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\977081~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\977343~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\984945~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\988878~1.EXE - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt10.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt12.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1C7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt20.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt21.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt22.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt23.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt24.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt25.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt26.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt27.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt28.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2FD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt30.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt32.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt325.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt33.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt34.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt35.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt36.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt37.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt38.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt40.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt42.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt43.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt44.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt45.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt46.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt47.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt48.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4A8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4EC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt50.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt52.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt53.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt54.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt55.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt56.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt57.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt58.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt586.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt589.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt58B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt58E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt590.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt593.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt595.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt598.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt60.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt61.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt63.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt64.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt65.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt66.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt68.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt69.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt70.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt72.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt73.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt74.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt76.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt77.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt78.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt80.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt81.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt82.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt83.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt84.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt85.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt86.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt88.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt89.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt90.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt91.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt92.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt93.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt95.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt96.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt97.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt99.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA0.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA4.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA6.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAE.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB0.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB4.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB6.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBE.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC0.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC4.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEA.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEE.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF0.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF2.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp.vbs - Deleted
C:\Windows\system32\14.tmp - Deleted
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk - Deleted
C:\Windows\system32\WinCtrl32.dll - Deleted



Folder C:\Program Files\rhc77gj0eelc - Removed
Folder C:\Documents and Settings\Administrator\Application Data\rhc77gj0eelc - Removed
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 13:26:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027282875f]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027282875f]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Common Files\\AOL\\1170918074\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1170918074\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"="C:\\Program Files\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
Mon 22 Jan 2007 46,640 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphx.exe"
Fri 10 Nov 2006 54,832 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphxex.exe"
Fri 10 Nov 2006 33,328 A..H. --- "C:\Program Files\AOL 9.0 VR\rbm.exe"
Tue 28 Mar 2006 236,032 A..H. --- "C:\temp\aol\curl.exe"
Wed 29 Dec 2004 61,440 A..H. --- "C:\temp\aol\modemconfig.exe"
Wed 23 Apr 2008 25,088 ...H. --- "C:\Documents and Settings\Administrator\My Documents\~WRL0004.tmp"
Sat 26 Jul 2008 154 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1FB9.tmp"
Wed 7 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 21 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1BF.tmp"
Sun 12 Sep 2004 190,464 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL2350.tmp"
Thu 13 Oct 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!
You do not have the required permissions to view the files attached to this post.
Nothavingagoodday
Active Member
 
Posts: 12
Joined: August 3rd, 2008, 12:09 pm

Re: XP Antivirus 2008

Unread postby Shaba » August 17th, 2008, 9:07 am

Please post also a fresh HijackThis log :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: XP Antivirus 2008

Unread postby Nothavingagoodday » August 17th, 2008, 9:20 am

As promised

ttp://malwareremoval.com/forum/viewtopi ... 2&e=337162

SDFix: Version 1.216
Run by Administrator on 17/08/2008 at 13:15

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Administrator\Desktop\SDFix

Checking Services :

Name :
sysrest.sys

Path :
\??\C:\Windows\system32\sysrest.sys

sysrest.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


Checking Files :

Trojan Files Found:

C:\Windows\system32\pphc37gj0eelc.exe - Deleted
C:\Program Files\rhc77gj0eelc\database.dat - Deleted
C:\Program Files\rhc77gj0eelc\license.txt - Deleted
C:\Program Files\rhc77gj0eelc\MFC71.dll - Deleted
C:\Program Files\rhc77gj0eelc\MFC71ENU.DLL - Deleted
C:\Program Files\rhc77gj0eelc\msvcp71.dll - Deleted
C:\Program Files\rhc77gj0eelc\msvcr71.dll - Deleted
C:\Program Files\rhc77gj0eelc\rhc77gj0eelc.exe.local - Deleted
C:\Program Files\rhc77gj0eelc\Uninstall.exe - Deleted
C:\WINDOWS\SYSTEM32\PPHC37~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PHC37G~1.BMP - Deleted
C:\Windows\system32\blphc37gj0eelc.scr - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\971706~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\977081~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\977343~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\984945~1.EXE - Deleted
C:\DOCUME~1\LOCALS~1\APPLIC~1\988878~1.EXE - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt10.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt12.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1C7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt20.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt21.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt22.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt23.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt24.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt25.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt26.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt27.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt28.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2FD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt30.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt32.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt325.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt33.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt34.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt35.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt36.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt37.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt38.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt40.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt42.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt43.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt44.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt45.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt46.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt47.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt48.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4A8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4EC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt50.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt52.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt53.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt54.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt55.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt56.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt57.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt58.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt586.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt589.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt58B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt58E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt590.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt593.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt595.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt598.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt60.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt61.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt63.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt64.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt65.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt66.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt68.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt69.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt70.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt72.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt73.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt74.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt76.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt77.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt78.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt80.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt81.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt82.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt83.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt84.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt85.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt86.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt88.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt89.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8C.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt90.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt91.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt92.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt93.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt95.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt96.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt97.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt99.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9A.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9B.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9E.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9F.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA0.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA4.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA6.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAE.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB0.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB4.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB6.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBE.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC0.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC4.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD9.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDB.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDD.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE1.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE3.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE5.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEA.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEE.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF0.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF2.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp.vbs - Deleted
C:\Windows\system32\14.tmp - Deleted
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk - Deleted
C:\Windows\system32\WinCtrl32.dll - Deleted



Folder C:\Program Files\rhc77gj0eelc - Removed
Folder C:\Documents and Settings\Administrator\Application Data\rhc77gj0eelc - Removed
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 13:26:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027282875f]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027282875f]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Common Files\\AOL\\1170918074\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1170918074\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"="C:\\Program Files\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
Mon 22 Jan 2007 46,640 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphx.exe"
Fri 10 Nov 2006 54,832 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphxex.exe"
Fri 10 Nov 2006 33,328 A..H. --- "C:\Program Files\AOL 9.0 VR\rbm.exe"
Tue 28 Mar 2006 236,032 A..H. --- "C:\temp\aol\curl.exe"
Wed 29 Dec 2004 61,440 A..H. --- "C:\temp\aol\modemconfig.exe"
Wed 23 Apr 2008 25,088 ...H. --- "C:\Documents and Settings\Administrator\My Documents\~WRL0004.tmp"
Sat 26 Jul 2008 154 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1FB9.tmp"
Wed 7 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 21 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1BF.tmp"
Sun 12 Sep 2004 190,464 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL2350.tmp"
Thu 13 Oct 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!
Nothavingagoodday
Active Member
 
Posts: 12
Joined: August 3rd, 2008, 12:09 pm

Re: XP Antivirus 2008

Unread postby Shaba » August 17th, 2008, 9:35 am

You posted now SDFix report twice.

Please post a fresh HijackThis log :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: XP Antivirus 2008

Unread postby Nothavingagoodday » August 17th, 2008, 9:42 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:50, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\Windows\wanmpsvc.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\system32\PROMon.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1170918074\ee\AOLSoftware.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\PROGRA~1\AOL9~1.0VR\waol.exe
C:\PROGRA~1\AOL9~1.0VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170918074\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/ ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/ ... cgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

--
End of file - 12241 bytes
Nothavingagoodday
Active Member
 
Posts: 12
Joined: August 3rd, 2008, 12:09 pm

Re: XP Antivirus 2008

Unread postby Shaba » August 17th, 2008, 9:52 am

Looks better :)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: XP Antivirus 2008

Unread postby Nothavingagoodday » August 17th, 2008, 12:08 pm

Hello

The next log

Malwarebytes' Anti-Malware 1.24
Database version: 1061
Windows 5.1.2600 Service Pack 2

17:07:26 17/08/2008
mbam-log-8-17-2008 (17-07-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 112974
Time elapsed: 1 hour(s), 22 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AlphaWipe Tracks Cleaner 2008 (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\Download (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\rhc77gj0eelc\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe (BHO.Baidu) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OP6FGXAZ\pre17072[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP1024\A0099115.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP1026\A0099391.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP1026\A0099430.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP1026\A0099468.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP1030\A0099823.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP1030\A0099854.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\pv.dat (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
C:\Program Files\AlphaWipe Tracks Cleaner 2008\up.dat (Rogue.AlphaWipe) -> Quarantined and deleted successfully.
Nothavingagoodday
Active Member
 
Posts: 12
Joined: August 3rd, 2008, 12:09 pm

Re: XP Antivirus 2008

Unread postby Shaba » August 17th, 2008, 12:31 pm

Post also a fresh HijackThis log, please :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: XP Antivirus 2008

Unread postby Nothavingagoodday » August 17th, 2008, 12:53 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:54, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\Windows\wanmpsvc.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\system32\PROMon.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1170918074\ee\AOLSoftware.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\PROGRA~1\AOL9~1.0VR\waol.exe
C:\PROGRA~1\AOL9~1.0VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170918074\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/ ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/ ... cgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

--
End of file - 12450 bytes
Nothavingagoodday
Active Member
 
Posts: 12
Joined: August 3rd, 2008, 12:09 pm

Re: XP Antivirus 2008

Unread postby Shaba » August 17th, 2008, 1:08 pm

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: XP Antivirus 2008

Unread postby Nothavingagoodday » August 17th, 2008, 5:06 pm

Hello

Kaspersky Log & Log update from Hijack.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:42, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\Windows\wanmpsvc.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\system32\PROMon.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1170918074\ee\AOLSoftware.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\PROGRA~1\AOL9~1.0VR\waol.exe
C:\PROGRA~1\AOL9~1.0VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170918074\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/ ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/ ... cgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

--
End of file - 12350 bytes
You do not have the required permissions to view the files attached to this post.
Nothavingagoodday
Active Member
 
Posts: 12
Joined: August 3rd, 2008, 12:09 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware