
Malware 2008 / Antivirus XP 2008 HELP PLEASE!!!!

Q: Malware 2008 / Antivirus XP 2008 HELP PLEASE!!!!

I am in need of some MAJOR help.... this is my daughter's computer and is majorly infected....


ComboFix 08-06-20.4 - Cat 2008-06-25 19:49:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.482 [GMT -4:00]
Running from: C:\Documents and Settings\Cat\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\b\Favorites\Online Security Test.url
C:\Documents and Settings\Cat\Application Data\AXPDefender
C:\Documents and Settings\Cat\Application Data\macromedia\Flash Player\#SharedObjects\7RM62B86\www.broadcaster.com
C:\Documents and Settings\Cat\Application Data\macromedia\Flash Player\#SharedObjects\7RM62B86\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Cat\Application Data\macromedia\Flash Player\#SharedObjects\7RM62B86\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Cat\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Cat\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Cat\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
C:\Documents and Settings\Cat\Application Data\rhc5ojj0eg9l
C:\Documents and Settings\Cat\Application Data\shc7ojj0eg9l
C:\Documents and Settings\Guest\Application Data\Install.dat
C:\Program Files\shc7ojj0eg9l
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
C:\WINDOWS\system32\blphc1ojj0eg9l.scr
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\lphc1ojj0eg9l.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\phc1ojj0eg9l.bmp
C:\WINDOWS\system32\pphc1ojj0eg9l.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 15:22 . 2008-06-25 19:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-25 15:22 . 2008-06-25 15:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 12:44 . 2008-06-25 13:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 01:09 . 2008-06-25 01:09 <DIR> d-------- C:\Program Files\Panda Security
2008-06-25 00:27 . 2008-06-25 00:27 2,002 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-24 16:09 . 2008-06-24 16:09 2,031,832 --a------ C:\WINDOWS\system321lkdoiuekrewr.bin
2008-06-23 04:45 . 2008-06-23 04:44 23,040 --a------ C:\WINDOWS\system32\sysrest32.exe
2008-06-23 04:45 . 2008-06-25 19:34 15,328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-06-11 06:38 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 06:38 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 23:33 --------- d-----w C:\Documents and Settings\Cat\Application Data\OpenOffice.org2
2008-06-20 07:05 --------- d-----w C:\Documents and Settings\Cat\Application Data\uTorrent
2008-05-10 07:28 --------- d-----w C:\Program Files\Plaxo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-03-04 23:09 56 --sh--r C:\WINDOWS\system32\2DF59B81CF.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2006-05-15 21:40 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 39,792 2007-10-11 00:51:56 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

----a-w 81,920 2005-06-10 16:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 180,269 2005-12-30 05:59:55 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 102,400 2004-12-02 22:23:34 C:\Program Files\Creative\MediaSource\Detector\bak\CTDetect.exe

----a-w 57,344 2005-02-15 20:10:16 C:\Program Files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe

----a-w 1,159,168 2005-02-23 17:08:50 C:\Program Files\Creative\VoiceCenter\bak\AndreaVC.exe

----a-w 16,384 2007-11-15 14:24:00 C:\Program Files\Dell Support Center\gs_agent\custom\bak\dsca.exe

----a-w 460,784 2007-03-15 15:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 257,088 2007-03-14 23:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-19 17:10:32 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,760 2007-06-14 22:32:40 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

----a-w 57,344 2003-08-19 10:43:46 C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe

----a-w 227,914 2007-12-11 22:21:12 C:\Program Files\Plaxo\2.13.1.3\bak\PlaxoHelper.exe

----a-w 282,624 2007-02-16 14:54:04 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 385,024 2008-02-01 03:13:08 C:\Program Files\QuickTime\QTTask.exe

----a-w 48 2008-03-21 14:10:11 C:\Program Files\Trend Micro\Internet Security 12\bak\pc-cillin.ini
----a-w 2,817 2008-06-25 23:54:20 C:\Program Files\Trend Micro\Internet Security 12\pc-cillin.ini

----a-w 823,362 2005-08-30 22:30:26 C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe

----a-w 176,201 2006-04-12 00:39:22 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe

----a-w 57,401 2004-07-14 17:28:56 C:\WINDOWS\bak\ssdiag.exe

----a-w 90,112 2000-05-11 05:00:00 C:\WINDOWS\bak\UpdReg.EXE

----a-w 67,584 2005-09-29 20:01:14 C:\WINDOWS\ehome\bak\ehtray.exe

----a-w 15,360 2004-08-10 11:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 11:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-07-20 0512 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-07-20 05:10:06 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-07-20 05:09:26 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 127,035 2004-12-06 07:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 19:40 24576 C:\WINDOWS\MIDIDEF.EXE]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [ ]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [ ]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBMon"="CTMBHA.DLL" [2005-05-19 18:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"SMrhc5ojj0eg9l"="C:\Program Files\rhc5ojj0eg9l\rhc5ojj0eg9l.exe" [ ]
"SMshc7ojj0eg9l"="C:\Program Files\shc7ojj0eg9l\shc7ojj0eg9l.exe" [ ]

C:\Documents and Settings\Cat\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-12-31 03:03:05 634880]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-13 12:56:45 24576]
MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe [2005-12-28 01:38:46 459264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipspnp]
ipspnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sysrest32.exe"=

R1 npapimon;npapimon;C:\WINDOWS\system32\drivers\npapimon.sys [2004-07-14 13:29]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-07-14 20:32]
R1 ssdiagn;ssdiagn;C:\WINDOWS\system32\drivers\ssdiagn.sys [2004-07-14 13:28]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 NETGEAR_MA111;NETGEAR 802.11b MA111 Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2003-08-29 09:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 01:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysrest.sys]
"ImagePath"="\??\C:\WINDOWS\system32\sysrest.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Cat\LOCALS~1\temp\clclean.0001
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-06-25 19:57:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 23:57:56

Pre-Run: 25,174,917,120 bytes free
Post-Run: 25,223,843,840 bytes free

233 --- E O F --- 2008-06-20 07:01:19

A: Malware 2008 / Antivirus XP 2008 HELP PLEASE!!!!

Deckard's System Scanner v20071014.68
Run by Cat on 2008-06-25 20:23:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-25 20:23:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Cat\LOCALS~1\Temp\clclean.0001
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Cat\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMrhc5ojj0eg9l] C:\Program Files\rhc5ojj0eg9l\rhc5ojj0eg9l.exe
O4 - HKLM\..\Run: [SMshc7ojj0eg9l] C:\Program Files\shc7ojj0eg9l\shc7ojj0eg9l.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136683721640
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O20 - Winlogon Notify: ipspnp - C:\WINDOWS\system32\ipspnp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 8725 bytes

-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-25 20:03:02 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-25 20:03:02 0 d-------- C:\Program Files\SpywareBlaster
2008-06-25 19:48:33 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 19:48:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 19:48:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 19:48:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 19:48:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 19:48:33 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 19:48:33 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 19:48:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-25 12:44:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 01:09:06 0 d-------- C:\Program Files\Panda Security
2008-06-25 00:27:42 2002 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-24 16:09:47 2031832 --a------ C:\WINDOWS\system321lkdoiuekrewr.bin
2008-06-23 04:45:10 23040 --a------ C:\WINDOWS\system32\sysrest32.exe
2008-06-23 04:45:10 15328 --a------ C:\WINDOWS\system32\sysrest.sys


-- Find3M Report ---------------------------------------------------------------

2008-06-25 19:55:00 0 d-------- C:\Documents and Settings\Cat\Application Data\OpenOffice.org2
2008-06-18 12:58:27 0 d-------- C:\Documents and Settings\Cat\Application Data\Adobe
2008-05-10 03:28:59 0 d-------- C:\Program Files\Plaxo
2008-05-03 19:48:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBMon"="CTMBHA.DLL" [05/19/2005 06:54 PM C:\WINDOWS\system32\CTMBHA.DLL]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"SMrhc5ojj0eg9l"="C:\Program Files\rhc5ojj0eg9l\rhc5ojj0eg9l.exe" []
"SMshc7ojj0eg9l"="C:\Program Files\shc7ojj0eg9l\shc7ojj0eg9l.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [12/22/2004 07:40 PM C:\WINDOWS\MIDIDEF.EXE]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" []
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

C:\Documents and Settings\Cat\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [12/31/2005 3:03:05 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/13/2005 12:56:45 PM]
MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe [12/28/2005 1:38:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipspnp]
ipspnp.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-25 20:24:13 ------------


Hello, my wife was downloading a "David Cook Video" from some unknown website. She screamed when all of these pop-ups came up. I closed them out and ran AVG 8. It was unable to remove the virus. Then the desktop went blue and the system kept trying to restart but could not, another blue screen came up with white text. I was able to restart in safe mode. I have 2 new items on my desktop XP antivirus 2008 and Malware Protector 2008. Thanks in advance for your help.

I have posted my System Scanner file below and will attach my Active Scan and Extra.txt file.



Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-08 09:04:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-08 13:04:04 UTC - RP4 - Deckard's System Scanner Restore Point
2: 2008-07-08 11:41:55 UTC - RP3 - Last good restore point
1: 2008-07-08 11:41:33 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:20 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Run...

A: Antivirus XP 2008 and Malware Protector 2008

Bump.


These are just a few things that were found on my computer, have no idea how it got so out of control.
I worked all day trying to get rid of all of these and finally succeeded by running and updating antivirus/Spyware detector and then rebooting in safe mode. While doing this, many times I received "blue screen", and sometimes it was fake and sometimes it was real; if I pressed ESC I knew it was a fake screen.
Eventually it let me stay on long enough to get rid of everything.
But I'm still getting the FAKE blue screen, so could someone take a look at my HijackThis log please?


Logfile of HijackThis v1.99.1
Scan saved at 10:33:46 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Rogers\Update Manager\RogersUpdate...


I downloaded a video codec that turned out to be a trojan.
In turn for that I also got a couple of annoying supposedly helpful Antivirus programs.
I tried deleting it but I just don't know how to solve it.
You guys helped me out before so it would be cool if you guys could help again.
Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:49 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\wltray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Nuria...

A:Antivirus 2008 Malware

Whatever this is it is really starting to act up.
The program started opening some other downloads.
Other programs like rundll32 keep popping up.
Can someone please help?
 

RELEVANCY SCORE 93.6

Hi! I am pretty certain I have some malware that I need advice how to remove. Antivirus XP 2008 or something of the sort was installed, and I thought I got rid of it. However, now I am left with adware and other stuff that I don't know how to get rid of! I have run AVG free, adaware, spybot, and stinger. I then created the first log file. Afterwards, I ran malwarebytes' anti-malware which found more trojans, etc. I went to msconfig and edited the startup list and unchecked glove.exe, cssrss.exe, and sysrest32.exe. I still think I have adware or something because when I type a direct link in, it takes me to some ezcoolpages.com website. I would sincerely appreciate anyone's advice! Thanks so much.

HJT Log File BEFORE Malwarebytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:42 PM, on 8/15/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WI...

A:Antivirus Xp 2008-malware

Hello and welcome Cody Dean

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

RELEVANCY SCORE 93.6

hi, i just got infected by the malware antivirus xp 2008, i found a removal guide here in bleepingcomputer in spyware removal and followed the instructions by using the malwarebytes anti-malware, it removed most of the malware but there were a couple that was left in my pc and i can't seem to remove it. here's my malwarebytes log:

Malwarebytes' Anti-Malware 1.24
Database version: 1029
Windows 5.1.2600 Service Pack 2

3:01:28 AM 8/7/2008
mbam-log-8-7-2008 (03-01-28).txt

Scan type: Quick Scan
Objects scanned: 36927
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lich.dat (Stolen.Data) -> Delete on reboot.

every time i reboot and rescan using malwarebytes these 2 always comes up and whenever i start my pc there's a program that wants to run but it can't since windows do...

A:Antivirus Xp 2008 Malware

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.

Next

Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so b...

RELEVANCY SCORE 93.6

I got all kinds of malware, I ran Super Antispyware, roguefix and cc cleaner but nothing. I can only work on safe mode as the system has been completely hijacked.

Here is the HJ log, any help is greatly appreciated. Thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:28 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\U3\000018711570704F\LaunchPad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft S...

A:Antivirus XP 2008 and other malware

After reading all the related posts here and the help forum from bleeping computer, I was able to get rid of most of the issues. I still have the antivirus XP 2008 icons in the computer but I should be able to get rid of them as well.

Mods, you may close or delete this thread.

Thanks

RELEVANCY SCORE 93.6

I have tried to stop this spyware xp2008 with no success. It has stopped me from doing anything on my computer. I have Spyware Doctor that took me 10 hours to run. It found 6 trojans and deleted them but now I still get a sign saying that I have MalwareProtector 2008. A website told me to download mbam-setup. There is no way for me to get into "my computer" from "start". I did download it but now I can't open it to run it. When I click on my "start" button now, all programs are missing.

When I turn off the computer and power it on again, this is the message - RUNDLL Error loading C:\WINDOWS\system32\oljqvcfu.dll. Next line says The specified module could not be found.

Please help.

RELEVANCY SCORE 92.8

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37: VIRUS ALERT!, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Sandboxie\SandboxieServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files...

A:Antivirus Xp 2008, Antispyware 2008 Xp

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of a few guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directl...

RELEVANCY SCORE 92.4

Hi There,
We have a Dell Dimension 8400 with Windows XP. We use Zone Alarm Security Suite, and we were unable to use Internet Explorer without disabling Zone Alarm for awhile. Instead of fixing this problem, we stupidly just kept disabling our security suite and, of course, now we have a virus and/or malware infection. I went to Zone Alarm's site and read how to uninstall some windows update that was messing up our security suite, but we are still faced with the virus/malware. The virus scan says we have the virus "not-a-virus:FraudTool.Win32.MalwareProtector.d" with a filename "C:\WINDOWS\SYSTEM32\pphce8qj0eral.exe". When we try to quarantine it and delete it, it just keeps popping back up. Our wallpaper has been replaced with, "Warning! Spyware detected on your computer! Install and antivirus or spyware remover to clean up your computer". An "Antivirus XP 2008" icon is now on our desktop, and now we get tons of little bubble warnings and "demo mode" popups from them, but I haven't tried to delete it off our system, because I wanted to ask you guys first. I have a feeling it is part of the virus and won't let me delete it anyway. We would really appreciate your help. We haven't been infected with this malware type stuff since before we got Zone Alarm, so I suspect it got infected when we had the suite disabled because of the problems with it and the internet. Oh well. Too la...

A:Antivirus Xp 2008 And Not-a-virus Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a li...

RELEVANCY SCORE 92.4

To Whomever can help,

First of all, thank you in advance for your assistance. It is greatly appreciated. Unfortunately, my girlfriend has managed to get some Malware on our new laptop.

Currently we have frequent pop ups coming from Windows AntiVirus 2008. I tried following your pre-post instructions as best as I can but unfortunately the panda scan and the Windows Update website would not work because IE would freeze. Only Firefox is working now, and it's very slow. Listed below is our log:

Deckard's System Scanner v20071014.68
Run by Kate on 2008-05-02 21:22:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-05-03 01:22:57 UTC - RP87 - Deckard's System Scanner Restore Point
75: 2008-05-02 04:15:08 UTC - RP86 - System Checkpoint
74: 2008-05-01 04:12:14 UTC - RP85 - System Checkpoint
73: 2008-04-30 04:05:15 UTC - RP84 - System Checkpoint
72: 2008-04-29 00:30:12 UTC - RP83 - System Checkpoint


-- First Restore Point --
1: 2008-02-03 23:39:53 UTC - RP12 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Kate.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v...

A:Malware and Pop Ups - Windows AntiVirus 2008

BUMP

(just three hours before 72, sorry, I have to leave work and I will check when I get home)

RELEVANCY SCORE 92.4

UGH! I was finally able to get the Malware downloaded into my other computer, since I was unable to access it from there... and it ran its scan and detected 71 items!!! I selected to remove the items it found, and it couldn't have been more than 6 seconds after it started the quarantine that I had a pop up telling me that the program encountered a problem and needed to close. I ran it again with the same end result. How can I get these items into quarantine if the virus keeps shutting the program down on me? Am I in over my head now? Do I need to take the computer in somewhere?

Help please???????

A:AntiVirus 2008 - Malware shuts down

Try uninstalling and reinstalling. Also you can try running in safe mode. If successful please post back the scan log. Are you running XP or another system?
If you run Spybot try disabling it first.
Also run this SAS scan if possible and post its log also. SAS is better from safe mode also.

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

NOW SAS Scan:
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading t...

RELEVANCY SCORE 92.4

So I got the bug (watching the Olympics and not paying attention to incoming spam email). Tried everything including several AV programs. Spent hours on the phone with Tech Support at Trend Micro. Nada. Started looking for my OS CDs as I thought I'd have to reformat my hard drive and start all over. Then one last try on Google and ended up here in bleepingcomputer land. Read a few posts and saw the stuff on Malware. What the heck - it was free. Tried it and it took care of everything!

I had the following issues:

- Unable to boot in SAFE mode
- Unable to print from web pages
- Unable to cut and paste from web pages
- Unable to access Internet Tools Options in IE
- Fake Blue Screen of Death
- No screen saver capability from the Display program in Control Panel

Lord knows what else I hadn't discovered. Malware fixed them all!

Thank you so very much - 3 days of bleepingcomputer hell!!!!

A:Malware Kills Antivirus Xp 2008

You're welcome on behalf of the Bleeping Computer community.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok"
Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" Tab.
Click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are you sure you want to perform these actions?"
Disk Cleanup will remov...

RELEVANCY SCORE 92.4

I have a pop up warning 'you have a security problem' and the associated link with it is http://scan.online-security-check.com/110102/3/ which then does a 'scan' for viruses on your pc - it says 'Antivirus 2008' on the pop up windows.

I have 4 different virus scanners running and it has not picked it up!

When i restart my laptop a desktop warning window pops up saying "Could not load or run 'C:\users\brian\appdata\roaming\adobe\manager.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry"

The interesting thing is when i don't close that warning window it stops the pop up 'you have a security problem' which stops all the random pop up explorer windows.

I am running Windows Vista

Not sure what to do! Any ideas?
 

A:Frustrating AntiVirus 2008 Malware

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while download...

RELEVANCY SCORE 92.4

Guys,

I have posted before regarding this issue but at the time I did not have the latest version of HiJackThis thus I am posting again...Sorry!

Anyway here is my problem:

While on the internet a program (System Antivirus 2008) appeared on my PC and is informing me that my machine has a virus etc. The program is wanting me to purchase a registered version which will have the capabilities of removing the virus.

I have run SpyBot Search & Destroy as well as Registry Mechanic.

Should I remove this program and if so how?

I have downloaded the latest version of HijackThis and pasted the following log. I have also performed a screen capture of the new program and attached it as a jpeg file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:03 AM, on 9/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\LonWorks\bin\LnsMtsSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mc...

RELEVANCY SCORE 91.6

suddenly those programs appears at my pc!!! please help me... here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:59, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\wyn3.tmp
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syst...

A:Infected With Malware Protector 2008 And Antivirus Xp

Hello Thiago Ol?vio and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Add...

RELEVANCY SCORE 91.6

To the Gurus, pls help me.

Thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:08 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lphcer7j0epb3.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\WINDOWS\system3...

A:fake program/malware XP antivirus 2008

Hi again, this is the combofix log


ComboFix 08-08-19.06 - David 2008-08-22 0:53:30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2524 [GMT 8:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Secure Solutions
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080821013610533.log
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080821180250515.log
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080821201422718.log
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080822001531750.log
C:\WINDOWS\epgl.exe
C:\WINDOWS\system32\lphcer7j0epb3.exe
C:\WINDOWS\system32\phcer7j0epb3.bmp

----- BITS: Possible infected sites -----

http://freefile.kristopherw.us
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))...

RELEVANCY SCORE 91.6

I got infected with the subject malware and managed to remove enough of the pieces that my Dell is operational again (Windows XP Home SP2). However, I still have two problems I haven't been able to eliminate. One, just to the right of the time in my toolbar, I keep seeing the msg "VIRUS ALERT!" and it also appears in various other places. The larger issue though, is that although I have 3 hard drives (C, D and F), since the malware problem, the only hard drive that "My Computer" shows is F. Using Acronis partition software, that software sees the other drives and all the files are still there. Although I've lost some desktop icons that used to be there, if I go into All Programs and tell the system to start a program that resides on one of the "unseen by Windows" drives, the program starts up and runs just fine.

How do I restore the ability of My Computer to show me all the installed drives (I'm guessing it's some trick in the registry). Thanks for any assistance.

Ted

A:Antivirus 2008 Malware Leftover Issue

Download and install TweakUI (the download is on the right hand side of the screen). Run TweakUI and then click on My Computer > Drives and place a check next to the drives you want to unhide.

RELEVANCY SCORE 91.6

I got XP antivirus 08 on 7-2-08, I tried removing it with add/remove programs and it didn't work, after 5 min I got Malware protector 2008, so I scanned my computer with AVG anti virus, Ad aware 2007, Spyware terminator, spyware doctor and malwarebytes anti malware, I also did the cleaning process with Smitfraudfix, and here is the good thing: there's no pop ups, nothing starts when I restart the pc, there's no bugs on the screen and it is not bothering me at all right now, but I still see them, the folders are still in program files (malware protector = shcl67j0e3ul , xp antivirus = rhcn67j0e3ul ) and they are in add/remove programs still. I also followed some manual instructions on how to remove them ( http://www.xp-vista.com/spyware-removal/xp...-antivirus-2008 ) and it seems like they reproduce or something, because they came back. Also the uninstall option has a red "x" on the side, I guess that means it doesn't work. I don't know what else to do, I was thinking of restoring the computer to a day before I got these viruses, but I don't want to mess my computer up and I don't have the windows cd with me. If you guys could help me I would really appreciate it. Thanks!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-07 18:46:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System...

A:Infected With Malware Protector 2008 And Xp Antivirus 08

Hello Jota_leslie and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is compl...

RELEVANCY SCORE 90.4

Here is a link to my previous posts (pre DSS) so you can get an idea of what's happening to my system:
http://www.bleepingcomputer.com/forums/t/156344/i-have-the-same-hijacked-system-problems-as-neo147-need-help-w-combofix-logsplease/

also noticed that the infection seems to have taken control of my desktop settings. when you right click on the desktop to get the settings window (with the image menu, screen saver menu, etc) it's different from prior to the infection. i no longer have tabs for some things to click on in this menu now. this has to be related somehow to the background screen image going back to the "Your computer is infected with..." at reboot. very weird.

anyhow, here is the "main" DSS logfile, followed by the "extra" one:

"main"
Deckard's System Scanner v20071014.68
Run by Jeff on 2008-07-08 17:58:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2008-07-08 21:58:26 UTC - RP8 - Deckard's System Scanner Restore Point
6: 2008-07-08 02:10:27 UTC - RP7 - Software Distribution Service 3.0
5: 2008-07-08 02:02:54 UTC - RP6 - Software Distribution Service 3.0
4: 2008-07-08 02:01:47 UTC - RP5 - before spack3
3: 2008-07-08 01:59:22 UTC - RP4 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-07-07 15:50:39 UTC - RP2 - System Chec...

A:Infected By Antivirus Xp/malware Xp 2008 - Trojans Keep Getting Found...

Hello stiahhh,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
White Warrior

RELEVANCY SCORE 90.4

This morning the CNN spam campaign took an ugly twist in terms of content. Spammers are now spoofing the CNN alerts system that users configure to receive customized news alerts. This is particularly harmful to those who actually create alerts for themselves with CNN, as at first glance it looks very authentic. In some of these news alerts links point back to sites hosted in Russia.

Full details can be found at my blog:

RELEVANCY SCORE 90.4

Whenever I log into my computer I have a blue background saying I'm infected. Then I get a pop up of AntiVirus XP 2008. I've tried using Smitfraudfix but it didn't work. Here's my Hijack File.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:56, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\lphc9acj0epba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\rhc...

A:Blue Screen Background/ Antivirus Xp 2008/ Malware

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
Please let your firewall allow the scanning/downloading process.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator

Regards
fenzodahl512

RELEVANCY SCORE 89.6

Got a msn messenger msg from a trusted fellow-i.t-guy friend. Ordinarily would ignore such but because it was him I foolishly went along with it. The message was "How do we look together? I think my picture editing skills are getting better". This is how I got tricked cuz I thought he was showing me some impressive photos of he and his wife. Anyways...I've tried several things to get rid of this spyware. It seems there was an initial trojan(s) which then downloaded other crap. From googling, I realise that there were earlier versions of XP Antivirus 2008 but this one is new and improved! Task manager is completely disabled. Start\Run box is non-existent. Lots of other wonderful stuff. Here's the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:01 p.m., on 5/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Google\Common\...

A:Xp Antivirus 2008 Malware Obtained Via Windows Live Messenger

Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post back with the Malwarebytes' Anti-Malware log and a new HijackThis log.

RELEVANCY SCORE 89.6

Hi - First time post, so I'll try to sum up my problem as best as I can. Thank you in advance to all those who can help.

I have a reasonably brand new Dell 1530 Laptop running vista, and have a full updated version of Mcafee Security Centre running.

I recently downloaded a file, which I thought to be suspect, so I scanned it using the Mcafee scanner, which said that the file was good.

I opened the file, and have had problems ever since.

The computer became infected with the 'Antivirus XP 2008', and exhibited all of the symptoms that everyone else is describing - pop up window suggesting many viruses, desktop changed, errors opening notebook.

Furthermore, since working in Vista's safe mode, I've also had issues with google search links sending me to a website... asiuoqgusdbaksd dot com which then redirects.

I have followed a number of posts, and have scanned my computer fully with Mcafee, CCleaner, Malware Bytes - Anti-Malware, Spybot S&D, and done some manual removal of files as well. I've also applied the Vundo fix, and the smitfraud fix, and most files seem to have disappeared.

I have two remaining problems that I can't seem to solve.

1. When I do a boot to normal vista, when it gets to the login screen, I get the 'Blue Screen' memory dump error - STOP 0x0000008E (0xC0000005 ...etc), and this just cycles when I leave it between rebooting, and this blue screen (this is my main problem!). Once in 30 approx reboots it can ge...

A:Vista Memory Dump Probable Malware Cause - 'antivirus Xp 2008'

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

would you post the number 1 log please

RELEVANCY SCORE 88.4

Hey Bleeping Computer Expert!

I'm freaking out here, I visited the site mp3000.net and afterwards I've come down with the following symptoms:

1. Wallpaper changes to blue and in the middle it says WARNING! Spyware detected on your computer in a yellow box and underneath in a blue box it says to install antivirus.

2. ZoneAlarm keeps detecting this threat, but I can't seem to find it on Google - lphcvq3j0eecn.exe

3. Upon booting the computer the following windows scripting error appears - tt3.tmp.vbs not found

4. Upon booting the BIOS had some errors but I wasn't able to write them down

5. Antivirus 2008 XP just came up as well

I've downloaded the necessary programs and I await your response.

A:Wallpaper Turns Blue & Antivirus 2008 Xp Malware Infection - Going To College Soon!

http://www.bleepingcomputer.com/forums/ind...st&p=876163
run MBAM, let it reboot to finish removal, then run it again
post both logs
fast track

RELEVANCY SCORE 88

Hi Moderators,

I got infected with the CNN pop-up even though I had McAfee. Thanks to your site I was able to remove it and a host of others that McAfee's so-called Security Centre could not.

My first question is -
What does the term "quarantine" mean on the display log?

How can I now remove the Antivirus XP 2008 and Register Antivirus 2008 Icons from my Start - Logon/Off window?

I have Windows XP and a "Compaq" computer.

Thank you.

A:Antivirus Xp 2008/register Antivirus 2008

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive". If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download th...

RELEVANCY SCORE 82.8

{{{ how do i get it off my computer }}} the malwarebytes' anti-malware didn't work

XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a tactic to scare you into purchasing the software. Older versions of XP Antivirus would create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries were harmless and had absolutely no effect on your computer. Instead, these entries were set so that XP AntiVirus can find them when scanning your computer and report them as infections. The newer versions of the program, such as XP Antivirus 2008 and XP Antivirus 2009, instead just display false results when scanning your computer that state infections were found. In order to remove these fake infections, though, you would first need to purchase the software as the trial does not allow you to remove them.

While running, XP Antivirus will also display fake alerts stating that you are infected or under attack from some type of threat. These alerts are fake and can be ignored. If you do click on the alert, though, it will prompt you to purchase the software. Examples of text contained in these alerts can be found below.

Privacy Violation alert!
XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).

o...

A:XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a t...

There are indeed a lot of those rogues out there, with the one and only scope of scaring you into buying their product.
Unfortunately they get harder and harder to remove.
For a list of removal guides for the latest rogues, see here

I am moving this topic to a more appropriate forum

RELEVANCY SCORE 81.6

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal
--------------------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)
Random Total system crash then restart then blue screen then back to windows.
msvcp71.exe is missing so a program is being prevented ...

A:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) click start> run> type msconfig and hit enter.
click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.
I advise keeping the system offline as much as possib...

RELEVANCY SCORE 81.2

Hi guys,
Thanks in advance for whatever you can help me with.

My wife's emachine 2772 was attacked on Sept. 17 by a desktop ad for "ANTIVIRUS XP 2008". It replaced her desktop background with an ad for antivirus xp 2008. She was able to right click on the taskbar to close the popup. When we tried to replace the background picture I noticed that there were only 3 tabs on top of the video properties box. It allowed me to change the background, but no options for "tile" or "stretch", also no tab for the screensaver settings.
She began an AVG 8 virus scan which found 30 infections.
SHeur.CJFE, Generic11vmi, Downloader Generic7.AQMI, along with a few infested registry keys
She moved them to the virus vault. That is where they are now.
System Restore was not working, no restore points saved or allowed to be created.
During an AdAware scan, BSOD error messages began to appear alternating with the normal WindowsXP boot screen (black background "windows xp home edition" blue bar underneath). I thought that AdAware caused a restart, but it did not restart. The screensaver had come on and this was a slideshow of BSOD screenshots along with a normal XP boot screen to make it appear as if PC was actually rebooting after a crash.
After scanning with avg8 in Safe Mode it found 1 more SHeur.CJFE virus and moved it to the vault. At that time I was able to access the video property box, all the tabs were back and it is working normal.
System Restore point ...

A:Solved: Malware Attack "ANTIVIRUS XP 2008"

bump
 

RELEVANCY SCORE 81.2

Hello,
In the DISA Security Technical Implementation Guides (STIGS) there is a test for event tracing (#V31026). 
The STIG indicates that if you are running Win 2008 the absence of etwenable = false is not a 'finding' because event tracing is enabled by default (on 2008 servers) and it should be enabled and running.
Is this the same for windows 2008 R2 Enterprise Server?
I cannot find the element etwenable in my 2008 R2 Enterprise server test system, it does not exist.
Does that mean the requirement for the STIG is met, and event tracing IS enabled by default on Win 2008 R2 Enterprise Servers?  No further action is required to enable? 

Is there an easy way to verify it actually is enabled?  Check registry value, run script?

Excerpt from the STIG:
Microsoft Dot Net Framework 4.0 STIG
Rule Title:  Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.
STIG ID: APPNET0067  Rule ID: SV-41075r1_rule 
Vuln ID: V-31026
Severity: CAT II Class: Unclass
NOTE:
Beginning with Windows Vista and Windows Server 2008, ETW Tracing is enabled by default and the "etwEnable" setting is not required in order for Event Tracing to be enabled. 
An etwEnable setting of "true" IS required in earlier versions of Windows as ETW is disabled by default.
Thank you,
V/R
Bill
William C. "BC" Davis PMP, CISSP, IASO
Lead Infosec Engineer/Scientist
Comm:   781.271.5221
DSN: ...

RELEVANCY SCORE 80.4

how can i remove all my old computer programs from my new hp slimline desktop260-po26. Microsoft keeps loading all my old computer stuff everytime i hook up my att internet connection

A:how to remove window server 2008 2008 sp1,sp2 vista,sp1,sp2,...

chuck5014 wrote: how can i remove all my old computer programs from my new hp slimline desktop260-po26. Microsoft keeps loading all my old computer stuff everytime i hook up my att internet connection

Could you clarify what you're having a problem with? Post a screenshot if possible.

RELEVANCY SCORE 78

Hi all,

I have a PC with a 2.6 GHZ CPU, 1.5 GB RAM, a 250 GB internal C drive, 80 GB internal D drive and 2 external drives which were detached when the virus hit. I am running Windows XP Home with SP2. I use Panda Internet Security and Spybot S&D.

Last week, I was hit with Antivirus 2008 Pro which crippled my PC for a couple days until I thought I had gotten rid of it with SpyHunter. It came back the next day and morphed into XPAntivirus, which also took a couple days to get off. Panda and Spybot didn't find anything when I ran them so I ended up using both Spyhunter and Spyware Doctor as well as SmitFraudFix and a couple of websites that listed files, directories, and registry keys that had to be deleted AND doing a complete clean install of XP after transferring all my relevant files over to an external drive.

I finally got it off and was clean for almost a week until the night before last. I was trying to find a free PDF converter program for a friend of mine. I found PrimoPDF (not on the maker's website, unfortunately) and when I clicked on the install program, my computer restarted. When it came back on, I had the red alert message from Windows Automatic Updates which said that my updates were not turned on. When I tried to turn them on, the control panel said they were turned on but the red alert wouldn't go away and I couldn't go to the Microsoft update site manually. Also, error messages involving DLL files came up -- ubijcvin.dll and ijjcvslw.dll -- sayi...

A:Infected By Antivirus 2008 Pro, Then Xpantivirus, And Now Antivirus 2009. . .

Hello Stacy and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)
In the event you already have Combofix, delete your current version and download the latest ...

RELEVANCY SCORE 76.8

Hi

My computer has been infected by Antivirus XP 2008 and following your instructions have been able to remove it (with spybot SD, as Malwarebytes was causing my system to crash) along with some other stuff but my system was still crashing with a variety of blue screen messages. I have uninstalled spybot and malwarebytes and ran all the other anti spyware programs apart from Trend Micro Housecall as this just kept freezing up part way through the scan and these actions seem to have stabilised the system. I have posted the Hijackthis log file as I believe I may still have something lurking and/or need a few tweaks in places. I hope this is enough information and look forward to your reply

Many Thanks in anticipation of your help
Petchy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:52, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32...

A:Antivirus Xp 2008

Hello and welcome to BC...

Please download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

RELEVANCY SCORE 76.8

I have The antivirus2008...
When I searched for it or any of the files related to it you should search for, none came up
The folder is not in program files, which is where a lot of people say it is
I installed a couple of antivirus things and they all said my computer was fine,
Spy hunter found a piece of software called "Somefox"
But I don't want to pay to remove this.
Is my computer really messed up?
Or can I fix it?
I will post any other necessary details.
 

A:Antivirus 2008

Hi jamesusillxd,

I have deleted your duplicate post in the General Security forum. Please do not create duplicate threads for the same problem.

Second I've edited your post for language. This is a family site so keep it clean.

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

RELEVANCY SCORE 76.8

Computer periodically restarts by itself and then shows a blue screen that says something about an error while booting or something

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:41 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\lphc11lj0e97g.exe
C:\Program Files\rhc51lj0e97g\rhc51lj0e97g.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSRespo...

A:Antivirus Xp 2008

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

RELEVANCY SCORE 76.8

It just refuses to go away. I have tried a couple of other forums, and this thing will not go away. The icon is gone and the background is gone. It's not in the start-up either and no pop-ups. However when I start up the old background, "warning: computer infected with spyware" flashes. Also, my add and remove programs do not work. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:02 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Fi...

A:Antivirus 2008

Hello pinkgirl,

"I have tried a couple of other forums, and this thing will not go away. The icon is gone and the background is gone. It's not in the start-up either and no pop-ups. However when I start up the old background, 'warning: computer infected with spyware' flashes."

Please tell me what you have done to try and fix this? What forums did you post at previously?


Hey guys,

I would love some help getting rid of this bug. Not quite sure how I got it, but things are running slow with repetitive pop-ups. Any help is greatly appreciated. Many Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:50 AM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C...

A:Antivirus 2008 Pro - Need Help Please

...any thoughts???


Right now I'm trying to fix a computer that recently became infected with the "Antivirus XP 2008" virus. It's gotten so bad that we can't get onto the desktop, and when we press "F8" to start safe mode, the option will come up, but when we click "start in safe mode" the computer restarts itself. It's done this every time. I was digging around on the internet and I found something that said that I have to make a bootable CD. Is this right? If not, does anyone know how to get past this? Please reply! Thanks!
 


Somehow - I have had a long period of no problems after last visiting this forum and putting in place a lot of the "safety" measures suggested - this AntiVirus XP2008 has taken over my PC.

The effects are numerous.

1) Replaces "wallpaper"? with a blue background with an antivirus message
2) Takes over IE and continually tells you you are unprotected. Firefox seems OK.
3) Puts up annoying messages at the bottom of the screen telling you you are infected with viruses and are unprotected
4) It seems to have disabled Symantec Anti Virus live updater
5) After a period of time it produces a fake "blue screen of death" which you can get out of by just hitting escape
6) If you mistakenly click on one of the annoying messages it tells you your computer is infected and you must buy ($49) AntiVirus XP 2008.
7) If you try and uninstall it, it either does nothing or automatically reinstalls.

There are many more annoying things rendering the PC basically unusable except if you use Firefox and do what I did by serendipity just before.

I have followed the 5 steps but the last step - Deckard's program. Downloaded it to desktop but it doesn't seem to want to work. On checking this by looking at Windows Task Manager I saw lots of "suspicious" looking processes which I halted. Of course I did not write down their names. This seemed to clean up the machine and allow me to type this post. But Deckard still doesn't seem to work.

I assume that these p...


Hey, just recently after playing some games, this XP Anti Virus 2008 was put onto my computer, along with an icon. It keeps coming up at start up, and I usually end the process manually. The Anti Virus 2008 XP has changed my background and made my computer considerably slower. I've downloaded and used Spyware Doctor, but that didn't help it. I've also tried to manually remove it by following some directions on the net, but they didn't work either, as some of the instructions that were posted ended up being different for me. Is there a different way to remove this spyware?

Other trojans are now being detected as well, such as Joke.Blusod.

Hijack this log file:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\W...

A:XP Antivirus 2008 help!!

UPDATE:

I just ran Spybot, and it found several infections that couldn't be deleted, namely Smitfraud-C.gp, Zlob.downloader, and a couple more that I cannot remember (I ran Spybot 2 days ago, and found no results). Over periods of time, my Symantec Anti Virus would pick up a trojan, and sometimes it would be cleaned by deletion, and other times it could not be deleted by Symantec.

Any solutions?

Thanks in advance
 


I went to the McAfee forums and have tried everything including Malwarebytes to get rid of the trojans on my computer but they keep coming back. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:46, on 9/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\...

A:Antivirus Xp 2008....have Tried Everything To Get Rid Of It.

Anyone?? I have so much work I need to be doing but I can't do it with this trojan.


Hello all,

I've recently had my PC infected with "antivirus pro 2008". I was able to run spyhunter scanner (to the tune of $29.99) and it appears to have removed all of the infected files/progs. However, it looks like the infection has caused several problems.
Such as:

- "c" drive is not showing in "my computer".
- when trying to access the display (to set background, themes, etc) I'm receiving a message that states "the systems administrator has disabled the display function".
- it's removed everything from my start>settings option except "taskbar and start menu" (control panel, network connection, and printers and faxes are missing).

I'm sure there's other things that aren't working that I just haven't found yet. It's deleted all of my previous restore points.

My PC is an HP 3.0m with 2 gigs of memory running Windows XP Home (Media Center Edition).

Can anyone point me in the right direction for getting all of my functions straightened out?

Many thanks in advance,

Jeff

A:Antivirus Pro 2008

Well...I would try a repair install of the operating system...but I would not be optimistic about the outcome.
http://www.michaelstevenstech.com/XPrepairinstall.htm

Have you posted your situation in the forum sections dealing with malware/viruses, etc.?

They are a knowledgeable, helpful group and that would be my suggestion before doing anything.

BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Louis


How does one remove this nasty virus?
 


I've been having problems with these fake programs that claim to clean out viruses from your computer but end up pestering you and giving you annoying messages about viruses present in the computer. The annoying part about it is that the virus I currently have (Antivirus XP 2008) cannot be removed with the Add/Remove programs. This is really difficult to remove and I need advice on what to do to completely remove it since it keeps on installing itself and it has gotten to the point that it interrupts my internet browsing to tell me to buy the product because I have many viruses on my computer. Also, I would like to know if there are any SAFE virus removing programs out there that I can download for free.

HELP. I've been reading blogs and websites but the removal instructions are very complicated. I don't want to damage my computer even more by making the wrong move while attempting to remove this virus!!! Please, I need help!

A:How Do I Get Rid Of Antivirus Xp 2008? Help

Hello and welcome, I have deleted the duplicate post you made in the antivirus forum as you will be helped here.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the messa...


Hello,

I registered today because I followed your "How to remove Antivirus XP 2008 (Uninstall Instructions)", but I believe I was still infected after that. I noticed something that I did not find described anywhere and may be of help to others:

When I was first infected with that thing I noticed a new file %WINDIR%\system32\el32.dll that was in use while the virus did its thing. I removed it in the recovery console (started from XP CD), but it reappeared shortly after that.

The malwarebytes software that you recommend removed most symptoms but left el32.dll in place. Also it claimed that the dll was "not infected". However, it was still newly created and still in use, which made me suspicious. I got rid of it as follows:
- downloaded PrcView 5.2.15 (google for newest version of PrcView)
- In PrcView, go to menu View | Module Usage, find el32.dll in the list. Right-click dll, select "Filter Process List"
- Now only one instance of svchost.exe is shown in the main window of PrcView (note that svchost.exe is a generic process host, it is not necessarily bad). Right-click that instance and select kill (it would have been smart to first check how it was run - that PrcView also can do, but I did not think of that - sorry)
- After that I ran ComboFix, which deleted some files:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Berend\Applic...


I signed up for the free sample anti Spyware hoping to remove ANTIVIRUS XP 2008 but in signing up for a discussion forum this is all I found.

Is there a tutorial/configure free way to remove this fake programme?

A:Antivirus Xp 2008

http://www.bleepingcomputer.com/malware-re...virus-2008-2009
