Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

XP 2008 Antivirus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

XP 2008 Antivirus

Unread postby wwh69 » October 3rd, 2008, 10:50 pm

I have been infected with XP 2008 Antivirus. I have attached the HijackThis log. I downloaded Spybot and that seemed to get rid of most of it, but there are still some issues. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:27 PM, on 10/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Bill\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AdvancedAdvisor - {7141E838-7BE0-F63D-6939-29A2CC9FBB15} - C:\Program Files\AdvancedAdvisor\AdvancedAdvisor-1.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Bill\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Bill\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMrhc7wgj0e72g] C:\Program Files\rhc7wgj0e72g\rhc7wgj0e72g.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [lphc3wgj0e72g] C:\WINDOWS\system32\lphc3wgj0e72g.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 10487 bytes
wwh69
Active Member
 
Posts: 8
Joined: September 28th, 2008, 11:03 pm
Advertisement
Register to Remove

Re: XP 2008 Antivirus

Unread postby flashh4 » October 4th, 2008, 7:29 pm

Howdy wwh69 and welcome to the forums,

My name is flashh4 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
4. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
5. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

If you can do those things, everything should go smoothly

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

I will be back as soon as possible with a fix !!
In the mean time can you give me an Uninstall list please !!

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.


Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: XP 2008 Antivirus

Unread postby flashh4 » October 5th, 2008, 1:21 pm

Howdy wwh69, first we need to disable SpybotSD TeaTimer. And Windows Defender so they do not interfer with the fix !

Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

.....................................

Disabling Windows Defender temporarily and re-enabling it

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.

You may enable it after i give you the all clean speech !!

Re-enabling Windows Defender

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, check (tick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, check (tick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.



NEXT


  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as it is and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Checked (ticked) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.



NEXT


Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Please post into this topic:
1. Malwarebytes' log/report
2. Combofix log/report
3. New HJT log
4. Uninstall list if not already posted

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: XP 2008 Antivirus

Unread postby wwh69 » October 5th, 2008, 8:11 pm

Chuck,

Let me thank you for your help in advance. I've done the first thing you requested and created the uninstall list. The list is below. I'll keep checking in. Again, thanks for your help.

Bill

Adobe Flash Player ActiveX
Adobe Reader 7.0
AdvancedAdvisor
aiofw
aioocr
aioprnt
aioscnnr
America Online (Choose which version to remove)
AntivirXP08
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
Atheros Client Utility
Atheros Wireless LAN MiniPCI/PCIe card Driver
ATI Control Panel
ATI Display Driver
Bejeweled 2 Deluxe
Blasterball 2 Revolution
Bonjour
CCScore
CD/DVD Drive Acoustic Silencer
center
Chuzzle Deluxe
Desktop Dialer
Dora's Carnival Adventure
DVD-RAM Driver
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
FATE
FBrowsingAdvisor
GemMaster Mystic
Google Desktop
Google Toolbar for Internet Explorer
Help_CTR
helptut
helpug
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
KODAK All-in-One Printer Software
ksdip
Mah Jong Quest
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Moto Racer
MP3 Rocket
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MyIdentityDefender Toolbar (CyberDefender Corporation)
netbrdg
NetJet 2.0
Office 2003 Trial Assistant
OfotoXMI
OpenOffice.org Installer 1.0
Otto
Penguins!
Pinball Panic
PlayMP3z
Polar Bowler
Polar Golfer
Pro Media Director Version 2.0.0.1
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
SCRABBLE
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Encoders
Spybot - Search & Destroy
staticcr
Synaptics Pointing Device Driver
T-Mobile Wing™ User Manual
tooltips
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Games
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Touchpad Utility
Toshiba Utility
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
VPRINTOL
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10 Hotfix - KB894476
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888622
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB908250
WIRELESS
Yahoo! Music Jukebox
wwh69
Active Member
 
Posts: 8
Joined: September 28th, 2008, 11:03 pm

Re: XP 2008 Antivirus

Unread postby flashh4 » October 5th, 2008, 9:05 pm

Howdy wwh69, i need to see the rest of the log/reports that i asked for above, please !!

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: XP 2008 Antivirus

Unread postby wwh69 » October 5th, 2008, 9:19 pm

Chuck,

I will. I am running the Malwarebyte scan now. I got 15 minutes into it and got a blue screen of death. I'm 25 minutes into the second scan. I'll post these items as soon as I'm done. Thanks again for your help.

Bill
wwh69
Active Member
 
Posts: 8
Joined: September 28th, 2008, 11:03 pm

Re: XP 2008 Antivirus

Unread postby wwh69 » October 5th, 2008, 9:29 pm

Chuck,

The scan completed successfully this time, but as it was removing things it said it needed to restart the computer, so I'm gonna. Here is the Malwarebyte Anti-Malware log so far. I'm sending these one at a time. Hope you don't mind. I could also send them in a file if you like.

Bill

Malwarebytes' Anti-Malware 1.28
Database version: 1231
Windows 5.1.2600 Service Pack 2

10/5/2008 8:25:05 PM
mbam-log-2008-10-05 (20-25-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148163
Time elapsed: 30 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 10
Registry Data Items Infected: 2
Folders Infected: 38
Files Infected: 66

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Bill\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7wgj0e72g (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7wgj0e72g (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc7wgj0e72g (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3wgj0e72g (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\rhc7wgj0e72g (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Application Data\rhc7wgj0e72g\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Application Data\rhc7wgj0e72g\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\rhc7wgj0e72g\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Bill\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Delete on reboot.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel\Local Settings\Temp\rsyncini.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\10.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\11.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\13.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\14.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\15.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\16.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\17.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\18.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\19.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1A.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1B.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1C.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1D.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1E.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1F.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\20.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\21.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\22.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\23.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\24.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\27.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\28.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\29.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2A.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2B.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\rhc7wgj0e72g\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7wgj0e72g\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7wgj0e72g\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7wgj0e72g\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3wgj0e72g.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc3wgj0e72g.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Billy\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel\Local Settings\Temp\.tt3.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Catherine\Local Settings\Temp\.tt6.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
wwh69
Active Member
 
Posts: 8
Joined: September 28th, 2008, 11:03 pm

Re: XP 2008 Antivirus

Unread postby wwh69 » October 5th, 2008, 10:08 pm

Chuck,

Here are the other logs you asked for.

Bill

ComboFix 08-10-05.03 - Bill 2008-10-05 20:54:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.486 [GMT -5:00]
Running from: C:\Documents and Settings\Bill\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bill\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Billy\Cookies\billy@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Rachel\Cookies\rachel@ad.yieldmanager[2].txt
C:\Documents and Settings\Rachel\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\WinNB55.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-05 20:29 . 2008-10-05 20:29 27 --a------ C:\WINDOWS\sssTbarV2.ini
2008-10-05 19:24 . 2008-10-05 19:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 19:24 . 2008-10-05 19:24 <DIR> d-------- C:\Documents and Settings\Bill\Application Data\Malwarebytes
2008-10-05 19:24 . 2008-10-05 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 19:24 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 19:24 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 19:21 . 2008-10-05 19:21 <DIR> d-------- C:\Program Files\Malware Removal Univ
2008-09-28 21:53 . 2008-09-28 21:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-27 20:04 . 2008-09-27 20:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-07 16:06 . 2008-10-05 20:33 3,330 --a------ C:\logfile
2008-09-07 15:48 . 2008-09-07 15:48 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-07 15:48 . 2008-09-07 15:48 <DIR> d-------- C:\Program Files\Bonjour
2008-09-07 15:47 . 2008-09-07 15:47 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-09-06 17:47 . 2008-09-06 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
2008-09-06 17:47 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-09-06 17:47 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-09-06 17:47 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-09-06 17:47 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-06 17:47 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-06 17:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-06 17:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-06 17:47 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-06 17:47 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-06 17:47 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-09-06 17:46 . 2008-09-06 17:46 652 --a------ C:\WINDOWS\system32\InstallUtil.InstallLog
2008-09-06 17:45 . 2008-02-28 17:57 12,800 --a------ C:\WINDOWS\system32\EKDeviceServices.dll
2008-09-06 17:44 . 2008-09-06 17:45 <DIR> d-------- C:\Program Files\QuickTime
2008-09-06 17:44 . 2008-09-06 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-06 17:43 . 2008-09-06 17:43 <DIR> d-------- C:\WINDOWS\system32\kodak
2008-09-06 17:43 . 2008-09-06 17:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-06 17:43 . 2008-09-06 17:43 <DIR> d-------- C:\Program Files\Kodak
2008-09-06 17:43 . 2008-02-15 06:03 335,872 --a------ C:\WINDOWS\system32\EKIJ5000MON.dll
2008-09-06 17:40 . 2008-09-06 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 22:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-09 22:38 --------- d-----w C:\Program Files\CyberDefender
2008-08-09 00:21 --------- d-----w C:\Program Files\Windows Defender
2008-08-08 23:32 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-03-15 18:06 148 ----a-w C:\Documents and Settings\Bill\Application Data\wklnhst.dat
.

------- Sigcheck -------

2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-09 16:00 17408 53e6514da2b04b8ecd3098a136e8a388 C:\WINDOWS\system32\svchost.exe

2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2004-08-09 16:00 506368 2fe9be8f9fe98091289c94cc34d46f0c C:\WINDOWS\system32\winlogon.exe

2007-06-13 05:23 1035776 e014ea95a84524a36bc2b577eddd5daa C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-09 16:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2004-08-09 16:00 110592 fa84a27c9027b29c36fd0f5c2ef1ef04 C:\WINDOWS\system32\services.exe

2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
2004-08-09 16:00 14848 5320b16f1f3afdd2399bd3fad04f74d0 C:\WINDOWS\system32\lsass.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-09 16:00 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2005-06-10 18:53 58880 58719a4b8979418010ef77da594abb29 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"Toshiba Hotkey Utility"="c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 C:\WINDOWS\agrsmmsg.exe]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-11-30 282624]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-10-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1161249244\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 5504]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6be71e93-52d8-11dd-8b92-00038a000015}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2d76773-33c7-11db-bd96-806d6172696f}]
\shell\play\command - "C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1
.
Contents of the 'Scheduled Tasks' folder

2008-09-06 C:\WINDOWS\Tasks\EasyShare Registration Task.job
- C:\WINDOWS\system32\rundll32.exe [2004-08-09 16:00]

2008-10-06 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 20:59:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\ComboFix\pv.cfexe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-05 21:02:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-06 02:02:01

Pre-Run: 83,273,232,384 bytes free
Post-Run: 83,819,008,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

223 --- E O F --- 2008-09-28 01:20:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:50 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 8927 bytes
wwh69
Active Member
 
Posts: 8
Joined: September 28th, 2008, 11:03 pm

Re: XP 2008 Antivirus

Unread postby flashh4 » October 6th, 2008, 9:12 pm

Howdy wwh69 (BILL), great job following my instructions !!
We are almost done !

:Remove bad HijackThis entries:
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


NEXT


Enable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK
We will rehide these after the fix !


Useing Windows Explorer by right-clicking the Start button and left clicking Explore navigate to and find the following files: if found, delete the following files: (if present):
C:\WINDOWS\sssTbarV2.ini

Reboot

Run Combofix again and post the new log !
Post a new HJT log !

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: XP 2008 Antivirus

Unread postby wwh69 » October 6th, 2008, 9:47 pm

Chuck,

Here ya go.

Thanks,
Bill

ComboFix 08-10-05.03 - Bill 2008-10-06 20:41:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495 [GMT -5:00]
Running from: C:\Documents and Settings\Bill\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-05 19:24 . 2008-10-05 19:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 19:24 . 2008-10-05 19:24 <DIR> d-------- C:\Documents and Settings\Bill\Application Data\Malwarebytes
2008-10-05 19:24 . 2008-10-05 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 19:24 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 19:24 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 19:21 . 2008-10-05 19:21 <DIR> d-------- C:\Program Files\Malware Removal Univ
2008-09-28 21:53 . 2008-09-28 21:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-27 20:04 . 2008-09-27 20:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-07 16:06 . 2008-10-06 20:39 3,786 --a------ C:\logfile
2008-09-07 15:48 . 2008-09-07 15:48 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-07 15:48 . 2008-09-07 15:48 <DIR> d-------- C:\Program Files\Bonjour
2008-09-07 15:47 . 2008-09-07 15:47 <DIR> d-------- C:\Program Files\Common Files\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
2008-09-06 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-09-06 22:45 --------- d-----w C:\Program Files\QuickTime
2008-09-06 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-06 22:43 --------- d-----w C:\Program Files\Kodak
2008-08-09 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 22:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-09 22:38 --------- d-----w C:\Program Files\CyberDefender
2008-08-09 00:21 --------- d-----w C:\Program Files\Windows Defender
2008-08-08 23:32 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:06 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-03-15 18:06 148 ----a-w C:\Documents and Settings\Bill\Application Data\wklnhst.dat
.

------- Sigcheck -------

2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-09 16:00 17408 53e6514da2b04b8ecd3098a136e8a388 C:\WINDOWS\system32\svchost.exe

2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2004-08-09 16:00 506368 2fe9be8f9fe98091289c94cc34d46f0c C:\WINDOWS\system32\winlogon.exe

2007-06-13 05:23 1035776 e014ea95a84524a36bc2b577eddd5daa C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-09 16:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe

2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2004-08-09 16:00 110592 fa84a27c9027b29c36fd0f5c2ef1ef04 C:\WINDOWS\system32\services.exe

2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
2004-08-09 16:00 14848 5320b16f1f3afdd2399bd3fad04f74d0 C:\WINDOWS\system32\lsass.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-09 16:00 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2005-06-10 18:53 58880 58719a4b8979418010ef77da594abb29 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"Toshiba Hotkey Utility"="c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 C:\WINDOWS\agrsmmsg.exe]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-11-30 282624]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-10-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1161249244\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 5504]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6be71e93-52d8-11dd-8b92-00038a000015}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2d76773-33c7-11db-bd96-806d6172696f}]
\shell\play\command - "C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1
.
Contents of the 'Scheduled Tasks' folder

2008-09-06 C:\WINDOWS\Tasks\EasyShare Registration Task.job
- C:\WINDOWS\system32\rundll32.exe [2004-08-09 16:00]

2008-10-07 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 20:42:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-06 20:43:42
ComboFix-quarantined-files.txt 2008-10-07 01:43:40
ComboFix2.txt 2008-10-06 02:02:05

Pre-Run: 83,855,540,224 bytes free
Post-Run: 83,838,697,472 bytes free

166 --- E O F --- 2008-09-28 01:20:03



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:53 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 8738 bytes
wwh69
Active Member
 
Posts: 8
Joined: September 28th, 2008, 11:03 pm

Re: XP 2008 Antivirus

Unread postby flashh4 » October 7th, 2008, 7:51 am

Howdy wwh69 (BILL), Log is clean !!

You can either keep the Malwarebytes if you like its a very good program that most of us use regularly ! Your choice.

UNINSTALL COMBOFIX

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Image
You can also delete any logs we have produced, and empty your Recycle bin.


Congratulation you are clean !!!

Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide


Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing !

How is it running,any problems before we close this topic ??

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: XP 2008 Antivirus

Unread postby wwh69 » October 7th, 2008, 8:56 am

Chuck,

It looks to be running great. I'll do the things you posted tonight. Thanks for all of your help. You and others like you truly perform a great service to the user community. Thanks again. Malware sucks, you rock!!!

My other laptop is infected with a similar program called Micro AV 2009. I'll read the article you posted about how I got the malware, but do you have a recommendation for an antivirus software other than XP 2008 Antivirus (little joke there, very litttle).

Thanks,
Bill
wwh69
Active Member
 
Posts: 8
Joined: September 28th, 2008, 11:03 pm

Re: XP 2008 Antivirus

Unread postby flashh4 » October 7th, 2008, 11:20 pm

Howdy wwh69 (BILL), here is a few free ones that we recommend !

Free Antivirus; I use Avast !!
avast! 4 Home Edition
AntiVir Free Edition


Free firewalls:
1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.


Let me know if we can archive this ??

Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: XP 2008 Antivirus

Unread postby wwh69 » October 8th, 2008, 7:32 am

Chuck,

Thanks again so much. I've followed the recommendations you made. As far as archiving goes, yes. I appreciate all of your help and wish you the best of luck helping others.

Regards,
Bill
wwh69
Active Member
 
Posts: 8
Joined: September 28th, 2008, 11:03 pm

Re: XP 2008 Antivirus

Unread postby 'KotaGuy » October 8th, 2008, 8:23 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 58 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware