Computer Juice Magazine
#1
5th Jul 2008, 08:54
Member Group
Posts: 80
Hit by Antivirus XP 2008

Hi guys. I just opened an email and got hit with an Antivirus XP 2008 virus. Can't get rid of it. Any help much appreciated.

#2
5th Jul 2008, 09:13
Moderator Group
Skill Level: Advanced
Posts: 6,743

Start HERE

Post the logs when complete.

#3
5th Jul 2008, 09:34
Member Group
Posts: 80

Sorry mate, I don't understand. What do you want me to do with it all?
#4
5th Jul 2008, 09:44
Administrator Group
Skill Level: Advanced
Posts: 9,562

Take the time to read it and then run the software and post the log files so we can see what is going on with your PC.
#5
5th Jul 2008, 11:59
Member Group
Posts: 80

Here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2008 at 05:20 PM
Application Version : 4.15.1000
Core Rules Database Version : 3497
Trace Rules Database Version: 1488
Scan type : Quick Scan
Total Scan Time : 00:10:14
Memory items scanned : 268
Memory threats detected : 1
Registry items scanned : 407
Registry threats detected : 26
File items scanned : 6977
File threats detected : 175
Rogue.AntiVirus XP 2008
C:\PROGRAM FILES\RHCPV6J0EREL\RHCPV6J0EREL.EXE
C:\PROGRAM FILES\RHCPV6J0EREL\RHCPV6J0EREL.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\AA\RHCPV6J0EREL\RHCPV6J0EREL.EXE
Rogue.Dropper/Gen
[lphctv6j0erel] C:\WINDOWS\SYSTEM32\LPHCTV6J0EREL.EXE
C:\WINDOWS\SYSTEM32\LPHCTV6J0EREL.EXE
Adware.Tracking Cookie
C:\Documents and Settings\Danny\Cookies\danny@serving-sys[1].txt
C:\Documents and Settings\Danny\Cookies\danny@burstnet[2].txt
C:\Documents and Settings\Danny\Cookies\danny@media.adrevolver[1].txt
C:\Documents and Settings\Danny\Cookies\danny@clickbank[1].txt
C:\Documents and Settings\Danny\Cookies\danny@advertpro[1].txt
C:\Documents and Settings\Danny\Cookies\danny@e-2dj6wjnywnc5eeo.stats.esomniture[2].txt
C:\Documents and Settings\Danny\Cookies\danny@tribalfusion[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adserver.mediarun[1].txt
C:\Documents and Settings\Danny\Cookies\danny@192[2].txt
C:\Documents and Settings\Danny\Cookies\danny@adviva[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-mgnlimited.hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@sex-video[2].txt
C:\Documents and Settings\Danny\Cookies\danny@mediaplex[1].txt
C:\Documents and Settings\Danny\Cookies\danny@stat.onestat[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adrevenue[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.videhost[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.pugetsoundsoftware[1].txt
C:\Documents and Settings\Danny\Cookies\danny@advertising[2].txt
C:\Documents and Settings\Danny\Cookies\danny@doubleclick[2].txt
C:\Documents and Settings\Danny\Cookies\danny@www.burstnet[1].txt
C:\Documents and Settings\Danny\Cookies\danny@tracking.summitmedia.co[1].txt
C:\Documents and Settings\Danny\Cookies\danny@bs.serving-sys[1].txt
C:\Documents and Settings\Danny\Cookies\danny@tacoda[1].txt
C:\Documents and Settings\Danny\Cookies\danny@s[1].txt
C:\Documents and Settings\Danny\Cookies\danny@kontera[2].txt
C:\Documents and Settings\Danny\Cookies\danny@data.coremetrics[1].txt
C:\Documents and Settings\Danny\Cookies\danny@questionmarket[1].txt
C:\Documents and Settings\Danny\Cookies\danny@roiservice[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adbrite[2].txt
C:\Documents and Settings\Danny\Cookies\danny@counter.hitslink[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adserving.muppetism[1].txt
C:\Documents and Settings\Danny\Cookies\danny@cgi-bin[4].txt
C:\Documents and Settings\Danny\Cookies\danny@vhost.oddcast[2].txt
C:\Documents and Settings\Danny\Cookies\danny@rotator.adjuggler[2].txt
C:\Documents and Settings\Danny\Cookies\danny@s1.trafficmaxx[1].txt
C:\Documents and Settings\Danny\Cookies\danny@www.stilemedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.ookla[2].txt
C:\Documents and Settings\Danny\Cookies\danny@neocounter2[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ad1.doublepimp[1].txt
C:\Documents and Settings\Danny\Cookies\danny@te.kontera[2].txt
C:\Documents and Settings\Danny\Cookies\danny@9167811[2].txt
C:\Documents and Settings\Danny\Cookies\danny@adrevolver[3].txt
C:\Documents and Settings\Danny\Cookies\danny@indextools[2].txt
C:\Documents and Settings\Danny\Cookies\danny@sexyandshocking[1].txt
C:\Documents and Settings\Danny\Cookies\danny@yadro[1].txt
C:\Documents and Settings\Danny\Cookies\danny@w00tpublishers.wootmedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Danny\Cookies\danny@e-2dj6wfkokkcjcao.stats.esomniture[2].txt
C:\Documents and Settings\Danny\Cookies\danny@atwola[1].txt
C:\Documents and Settings\Danny\Cookies\danny@zedo[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adecn[2].txt
C:\Documents and Settings\Danny\Cookies\danny@mobilefun.112.2o7[1].txt
C:\Documents and Settings\Danny\Cookies\danny@m1.webstats.motigo[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adrevolver[1].txt
C:\Documents and Settings\Danny\Cookies\danny@1068755026[2].txt
C:\Documents and Settings\Danny\Cookies\danny@specificclick[1].txt
C:\Documents and Settings\Danny\Cookies\danny@firstchoice[1].txt
C:\Documents and Settings\Danny\Cookies\danny@2o7[2].txt
C:\Documents and Settings\Danny\Cookies\danny@tradedoubler[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.techguy[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adultadworld[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Danny\Cookies\danny@firstchoice[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-twi.hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ad.yieldmanager[2].txt
C:\Documents and Settings\Danny\Cookies\danny@revsci[1].txt
C:\Documents and Settings\Danny\Cookies\danny@statse.webtrendslive[2].txt
C:\Documents and Settings\Danny\Cookies\danny@exchange.ggmedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adlegend[1].txt
C:\Documents and Settings\Danny\Cookies\danny@cgi-bin[1].txt
C:\Documents and Settings\Danny\Cookies\danny@shopping.112.2o7[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-iwantoneofthose.hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.digitalrock.co[1].txt
C:\Documents and Settings\Danny\Cookies\danny@63701567[2].txt
C:\Documents and Settings\Danny\Cookies\danny@overture[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ad1.clickhype[1].txt
C:\Documents and Settings\Danny\Cookies\danny@a[1].txt
C:\Documents and Settings\Danny\Cookies\danny@bluestreak[1].txt
C:\Documents and Settings\Danny\Cookies\danny@statcounter[1].txt
C:\Documents and Settings\Danny\Cookies\danny@atdmt[1].txt
C:\Documents and Settings\Danny\Cookies\danny@ads.pubmatic[2].txt
C:\Documents and Settings\Danny\Cookies\danny@247realmedia[2].txt
C:\Documents and Settings\Danny\Cookies\danny@avgtechnologies.112.2o7[2].txt
C:\Documents and Settings\Danny\Cookies\danny@bravenet[1].txt
C:\Documents and Settings\Danny\Cookies\danny@heavycom.122.2o7[1].txt
C:\Documents and Settings\Danny\Cookies\danny@stat.dealtime[2].txt
C:\Documents and Settings\Danny\Cookies\danny@adopt.euroclick[2].txt
C:\Documents and Settings\Danny\Cookies\danny@server.iad.liveperson[2].txt
C:\Documents and Settings\Danny\Cookies\danny@fastclick[1].txt
C:\Documents and Settings\Danny\Cookies\danny@tripod[1].txt
C:\Documents and Settings\Danny\Cookies\danny@adtech[1].txt
C:\Documents and Settings\Danny\Cookies\danny@enhance[2].txt
C:\Documents and Settings\Danny\Cookies\danny@ehg-systemax.hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@stilemedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@gostats[1].txt
C:\Documents and Settings\Danny\Cookies\danny@network-ca.247realmedia[1].txt
C:\Documents and Settings\Danny\Cookies\danny@hitbox[2].txt
C:\Documents and Settings\Danny\Cookies\danny@AdRotator[2].txt
C:\Documents and Settings\Danny\Cookies\danny@1048893890[2].txt
C:\Documents and Settings\Danny\Cookies\danny@cgi-bin[3].txt
C:\Documents and Settings\Danny\Cookies\danny@www.clash-media[2].txt
C:\Documents and Settings\Danny\Cookies\danny@indexstats[2].txt
C:\Documents and Settings\Danny\Cookies\danny@test.coremetrics[1].txt
C:\Documents and Settings\Danny\Cookies\danny@eas.apm.emediate[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@adtech[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@ehg-iwantoneofthose.hitbox[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@sextracker[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@ad.yieldmanager[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@metacafe.122.2o7[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@stat.onestat[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@counter4.sextracker[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@doubleclick[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@atdmt[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@as1.falkag[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@hg1.hitbox[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@c1.zedo[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@counter13.sextracker[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@counter15.sextracker[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@hitbox[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@adrevolver[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@adrevolver[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@zedo[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@targetnet[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@adopt.hbmediapro[2].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@2o7[1].txt
C:\Documents and Settings\Danny\Local Settings\Temp\Cookies\danny@atwola[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@stats.searchtrack[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@atdmt[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@fifteen[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@www.fifteen[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@e-2dj6wflisidjkko.stats.esomniture[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@adtech[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@marksandspencer.122.2o7[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@adrevolver[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@perf.overture[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@windowsmedia[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@statcounter[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@msnportal.112.2o7[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@accounts[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@e-2dj6wflyckcjabo.stats.esomniture[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@ehg-debenhams.hitbox[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@paypal.112.2o7[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@tracker.roitesting[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@bravenet[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@adopt.euroclick[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@indexstats[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@data4.perf.overture[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@bs.serving-sys[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@revsci[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@mediaplex[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@etype.adbureau[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@112.2o7[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@hitbox[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@ehg-bskyb.hitbox[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@ads.telegraph.co[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@statse.webtrendslive[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@questionmarket[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@serving-sys[1].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@tradedoubler[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@indextools[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@2o7[2].txt
C:\Documents and Settings\Rozzie\Cookies\rozzie@advertising[2].txt
Rogue.AntiSpywareExpert
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Type
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Start
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Opt
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Security
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#NextInstance
NotHarmful.Sysinternals Bluescreen Screen Saver
C:\WINDOWS\SYSTEM32\BLPHCTV6J0EREL.SCR
Trojan.Unclassified/CBEvtSvc
C:\WINDOWS\SYSTEM32\CBEVTSVC.EXE
C:\WINDOWS\Prefetch\CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\PHCTV6J0EREL.BMP



Malwarebytes' Anti-Malware 1.19
Database version: 924
Windows 5.1.2600 Service Pack 3
19:22:42 05/07/2008
mbam-log-7-5-2008 (19-22-42).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 113635
Time elapsed: 42 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4}\RP2\A0000029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4}\RP2\A0000047.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4}\RP4\A0000262.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4}\RP4\A0000485.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

JavaRa 1.08 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Jul 05 19:49:54 2008
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: Software\JavaSoft\Java2D\1.5.0_02
Found and removed: Software\JavaSoft\Java2D\1.5.0_04
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: Software\JavaSoft\Java2D\1.5.0_09
Found and removed: Software\JavaSoft\Java2D\1.5.0_10
Found and removed: Software\JavaSoft\Java2D\1.5.0_11
Found and removed: SOFTWARE\Classes\JavaPlugin.150_02
Found and removed: SOFTWARE\Classes\JavaPlugin.150_04
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaPlugin.150_09
Found and removed: SOFTWARE\Classes\JavaPlugin.150_10
------------------------------------
Finished reporting.


Thanks guys
#6
5th Jul 2008, 12:01
Moderator Group
Skill Level: Advanced
Posts: 6,743

Need the Hijackthis log now.

#7
5th Jul 2008, 12:25
Member Group
Posts: 80

Oops sorry. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:21, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\OSD.EXE
C:\WINDOWS\system32\SB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchFilter.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toysrus.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OSD] %SystemRoot%\System32\OSD.EXE
O4 - HKLM\..\Run: [SB] C:\WINDOWS\system32\SB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] C:\Program Files\United Alerts\UnitedAlerts.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {CE67CBC2-5CCB-4FC4-BA83-51AE4878170C} - http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 10438 bytes
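As an added example (not code from this thread, from HijackThis or from any other tool mentioned here), the script below automates two of the checks the helpers are doing by eye on the HijackThis log above: it flags O4 autorun entries whose value name or executable looks machine-generated (the SMrhcpv6j0erel entry) and flags any entry whose target HijackThis reports as "(file missing)". It also takes the four file paths SUPERAntiSpyware attributed to the rogue in post #5 and extracts the random stem they share, which is a useful substring to search the disk and registry for when hunting leftovers. The sample log lines and paths are copied from this thread; the "generated name" heuristic (at least 8 characters and at least three letter/digit switches) and its thresholds are my own assumption, not something either tool implements.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this
# thread, enough to exercise each check (the full log is above).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# File paths SUPERAntiSpyware attributed to the rogue in post #5 (copied from that log).
ROGUE_COMPONENTS = [
    r"C:\PROGRAM FILES\RHCPV6J0EREL\RHCPV6J0EREL.EXE",
    r"C:\WINDOWS\SYSTEM32\LPHCTV6J0EREL.EXE",
    r"C:\WINDOWS\SYSTEM32\BLPHCTV6J0EREL.SCR",
    r"C:\WINDOWS\SYSTEM32\PHCTV6J0EREL.BMP",
]

# O4 lines look like: O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking path in a command line, quoted or not (spaces allowed).
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|scr|dll|cpl|com|bat))\b', re.IGNORECASE)


def stem(path):
    """Last path component without its extension (rhcpv6j0erel.exe -> rhcpv6j0erel)."""
    base = path.rstrip('"').rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0] if "." in base else base


def looks_generated(token, min_len=8, min_switches=3):
    """Heuristic (my own assumption, not a HijackThis rule): a name that keeps
    switching between letters and digits, like rhcpv6j0erel, is probably
    machine-generated; SunJavaUpdateSched or Rundll32 are not."""
    t = re.sub(r"[^a-z0-9]", "", token.lower())
    if len(t) < min_len:
        return False
    switches = sum(1 for a, b in zip(t, t[1:]) if a.isdigit() != b.isdigit())
    return switches >= min_switches


def triage(log_text):
    """Return findings in log order: generated-looking O4 autoruns and any
    line whose target file HijackThis reports as missing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "(file missing)" in line:
            findings.append({"reason": "file-missing", "line": line})
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        em = EXE_RE.match(cmd)
        path = em.group("path") if em else (cmd.split() or [""])[0]
        if looks_generated(name) or looks_generated(stem(path)):
            findings.append({"reason": "generated-name", "name": name, "path": path})
    return findings


def shared_stem(paths):
    """Longest suffix common to every file stem. Rogue families often reuse one
    random stem across dropper, main EXE, fake screensaver and wallpaper, so the
    shared part is a good search string for leftovers."""
    stems = [stem(p).lower() for p in paths]
    out = ""
    for chars in zip(*(reversed(s) for s in stems)):
        if len(set(chars)) != 1:
            break
        out = chars[0] + out
    return out


if __name__ == "__main__":
    for finding in triage(HJT_SAMPLE):
        print(finding)
    print("shared stem to hunt for:", shared_stem(ROGUE_COMPONENTS))
```

On the lines above this flags exactly two entries, the SMrhcpv6j0erel autorun and the orphaned ICQ toolbar hook, and reports "v6j0erel" as the stem common to all four rogue components. The heuristic is deliberately narrow; tune the thresholds against a clean machine's log before relying on it, since a legitimate vendor can ship a build-numbered binary name that trips it.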
#8
5th Jul 2008, 12:32
Moderator Group
Skill Level: Advanced
Posts: 6,743

Still some work to do.

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Now then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
  • Finally copy and paste the contents of the results file Report.txt with a NEW HijackThis log in your next reply.
If SDFix won't run or you get errors, follow the link for instructions on running SDFix. How to use SDFix

----------

Next post add
SDFix log
A NEW Hijackthis log

#9
5th Jul 2008, 13:34
Member Group
Posts: 80

OK, next logs:

SDFix: Version 1.201
Run by Danny on 05/07/2008 at 21:08
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Songs\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55050b1d]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000c55050b1d]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000aa
"TracesSuccessful"=dword:00000005
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server"
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner"
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\United Alerts\\UnitedAlerts.exe"="C:\\Program Files\\United Alerts\\UnitedAlerts.exe"
"C:\\Program Files\\ICQ\\Icq.exe"="C:\\Program Files\\ICQ\\Icq.exe:*:Enabled:ICQ"
"C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe:*:Enabled:Shellscn"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\United Alerts\\UnitedAlerts.exe"="C:\\Program Files\\United Alerts\\UnitedAlerts.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :

Files with Hidden Attributes :
Wed 26 Jan 2005 4,704 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 13 Jul 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 5 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 13 Jun 2005 7,420 A..H. --- "C:\Documents and Settings\Rozzie\Local Settings\Temp\Mar15.tmp"
Mon 13 Jun 2005 7,420 A..H. --- "C:\Documents and Settings\Rozzie\Local Settings\Temp\Mar9.tmp"
Mon 13 Jun 2005 7,420 A..H. --- "C:\Documents and Settings\Rozzie\Local Settings\Temp\MarA.tmp"
Sat 5 Jul 2008 96 A..H. --- "C:\Documents and Settings\All Users\Application Data\avg8(2)\scanlogs\srmcheck.tmp"
Wed 13 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Danny\My Documents\My Music\License Backup\drmv1key.bak"
Wed 25 Jan 2006 20 A..H. --- "C:\Documents and Settings\Danny\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 13 Jul 2005 312 A.SH. --- "C:\Documents and Settings\Danny\My Documents\My Music\License Backup\drmv2key.bak"
Finished!


and


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:52, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\OSD.EXE
C:\WINDOWS\system32\SB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchFilter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toysrus.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OSD] %SystemRoot%\System32\OSD.EXE
O4 - HKLM\..\Run: [SB] C:\WINDOWS\system32\SB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] C:\Program Files\United Alerts\UnitedAlerts.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {CE67CBC2-5CCB-4FC4-BA83-51AE4878170C} - http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
--
End of file - 10422 bytes
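One thing worth checking in the HijackThis log above is that it still carries `O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe`, the same path SUPERAntiSpyware reported as Rogue.AntiVirus XP 2008 at the top of the thread, even though SDFix reported "No Trojan Files Found". The script below is an added example, not code from the thread, from HijackThis, SDFix or SUPERAntiSpyware; it parses HijackThis-style O4 Run entries and cross-references them against paths an earlier scanner flagged, so a persistence entry that survived a cleanup step stands out. The sample log lines are constructed in the shape of the log above, the `DETECTED_PATHS` value is the one the SUPERAntiSpyware log gave, and the function and variable names are my own.

```python
import re
from typing import Dict, List, Set

# Constructed sample in the shape of the HijackThis log above (not the full log).
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
"""

# Path an earlier scanner (SUPERAntiSpyware, in this thread) reported as malicious.
DETECTED_PATHS: Set[str] = {r"C:\PROGRAM FILES\RHCPV6J0EREL\RHCPV6J0EREL.EXE"}

# O4 Run entries look like:  O4 - HKLM\..\Run: [ValueName] <command line>
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def extract_path(cmd: str) -> str:
    """Pull the executable path out of a Run value's command line.

    A quoted path is taken verbatim; otherwise the command is cut after the
    first .exe/.dll/.cpl token so trailing switches are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|cpl))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def normalise(path: str) -> str:
    # HijackThis and SUPERAntiSpyware print paths in different case; NTFS
    # paths are case-insensitive, so compare lower-cased. 8.3 short names
    # such as PROGRA~1 are not expanded here (that needs the live filesystem).
    return path.strip().lower()


def triage(log_text: str, detected_paths: Set[str]) -> Dict[str, List]:
    """Return Run entries, those matching a known detection, and stale entries."""
    detected = {normalise(p) for p in detected_paths}
    run_entries: List[Dict[str, str]] = []
    known: List[Dict[str, str]] = []
    file_missing: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            entry = {"hive": m.group("hive"), "name": m.group("name"),
                     "path": extract_path(m.group("cmd"))}
            run_entries.append(entry)
            if normalise(entry["path"]) in detected:
                known.append(entry)
        # HijackThis marks entries whose target no longer exists on disk.
        if line.endswith("(file missing)"):
            file_missing.append(line)
    return {"run_entries": run_entries, "known_detections": known,
            "file_missing": file_missing}


if __name__ == "__main__":
    result = triage(SAMPLE_HJT_LOG, DETECTED_PATHS)
    for e in result["known_detections"]:
        print(f"Run entry still points at a detected file: {e['hive']} [{e['name']}] {e['path']}")
    for line in result["file_missing"]:
        print(f"Stale entry (target missing): {line}")
```

Run against the constructed sample it reports the `SMrhcpv6j0erel` value as still pointing at the detected file and lists the ICQ Toolbar line as stale; against a real log it would be fed the detections from whichever scanner ran first.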
  #10  
Old 5th Jul 2008, 13:38
Moderator Group
 
Skill Level: Advanced
Posts: 6,743
Default Hit by Antivirus XP 2008

I need to have some more information on a couple of files. Post the links here to the results when complete.

Scan Suspicious File(s)

Visit Virustotal
(If more than one file needs to be scanned, they must be done separately and logs posted for each one.)
  • Copy the file path in the below Code box:
Code:
C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
  • At the upload site, click once inside the window next to Browse.
  • Press Ctrl+V on the keyboard (both at the same time) to paste the file path in the window.
  • Next, click Send File.
    • Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  • This will perform a scan across multiple different virus scanning engines.
  • Important: Wait for all of the scanning engines to complete.
  • Copy and then Paste the link to the results in the next reply.
Now do the same with this file.

Code:
C:\Program Files\United Alerts\UnitedAlerts.exe
Copyright ©2006 - 2009 Computer Juice.