Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


New Version Of Xp Antivirus

  • Please log in to reply
1 reply to this topic

#1 tvgolf


  • Members
  • 1 posts
  • Local time:12:45 PM

Posted 25 June 2008 - 04:45 AM

I had a problema with a software intalled “XP Antivirus”, i read your comments and do all recomendations to remove however I think this is a new type or version of it. Im sending the hijackthis log information. I also have the #/$% message on my desktop that i have spyware detected and there is no way to delete it.

If you need any other information please tell.

Thank you guys.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:21:38 a.m., on 25/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:









C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe

C:\Archivos de programa\QuickTime\qttask.exe



C:\Archivos de programa\palmOne\Hotsync.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe


C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE



C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.cr/

O2 - BHO: QXK Olive - {83EB5BB1-B24D-41FB-8D66-7F570E5BFA80} - C:\WINDOWS\gfetqaxsmnw.dll

O3 - Toolbar: enlfxgw - {C5C1C68B-79A3-461B-BF41-410CF67FABB4} - (no file)

O3 - Toolbar: gxvpsafm - {7D1DDA59-1111-444F-95B3-2B3B9264BB4E} - C:\WINDOWS\gxvpsafm.dll

O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [lphcc0fj0en0v] C:\WINDOWS\system32\lphcc0fj0en0v.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R290 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKP.EXE /FU "C:\WINDOWS\TEMP\E_SCB.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [lphcc0fj0en0v] C:\WINDOWS\system32\lphcc0fj0en0v.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Archivos de programa\palmOne\Hotsync.exe

O8 - Extra context menu item: Add to Anti-Banner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O21 - SSODL: qegbdmwf - {7CD3A1CC-52E2-4D41-B35B-2222B203DBB4} - C:\WINDOWS\qegbdmwf.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


End of file - 3736 bytes

BC AdBot (Login to Remove)



#2 OldTimer


    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:02:45 PM

Posted 27 June 2008 - 03:21 PM

Hello tvgolf and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).


I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users