Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus Xp 2008 Just Won't Leave My Pc Alone!


  • This topic is locked This topic is locked
2 replies to this topic

#1 FrankyB

FrankyB

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 04 September 2008 - 03:15 PM

I've had it for a while now, and the thing is, MalwareBytes seems to clear it up temporary. At least until the next reboot, in which the backup files of AntiVirus XP 2008 start the whole cycle all over again. It's frustrating. I was told to post a HijackThis log, so here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:24 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\mek11.tmp
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\rhcgqwj0en43\rhcgqwj0en43.exe
C:\WINDOWS\system32\pphclqwj0en43.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lphclqwj0en43] C:\WINDOWS\system32\lphclqwj0en43.exe
O4 - HKLM\..\Run: [SMrhcgqwj0en43] C:\Program Files\rhcgqwj0en43\rhcgqwj0en43.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AVI Converter... - C:\Program Files\MP3 Player Utilities 5.09\AVIConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205406512531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205406496843
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: rodcsms - C:\WINDOWS\SYSTEM32\rodcsms32.dll
O23 - Service: Alerter AlerterW32TimeUPS (AlerterW32TimeUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple Mobile Device Apple Service (Apple Service) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Audio AudioSrvNetlogon (AudioSrvNetlogon) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Audio AudioSrvRasMan (AudioSrvRasMan) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSW32TimeUPS (BITSW32TimeUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: DHCP Client DhcpNetlogon (DhcpNetlogon) - Unknown owner - C:\WINDOWS\
O23 - Service: Logical Disk Manager dmserverTapiSrv (dmserverTapiSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Updater Service gusvcSSDPSRV (gusvcSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server lanmanserverwuauserv (lanmanserverwuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Workstation lanmanworkstationPolicyAgentRpcLocator (lanmanworkstationPolicyAgentRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcSamSs (mnmsrvcSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDEHTTPFilter (NetDDEHTTPFilter) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDESSDPSRV (NetDDESSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE NetDDEW32Time (NetDDEW32Time) - Unknown owner - C:\WINDOWS\
O23 - Service: Net Logon NetlogonUPS (NetlogonUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: Removable Storage NtmsSvcMsBrowseSrv (NtmsSvcMsBrowseSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: IPSEC Services PolicyAgentRpcLocator (PolicyAgentRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Smart Card SCardSvrlanmanserver (SCardSvrlanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Task Scheduler Scheduledmserver (Scheduledmserver) - Unknown owner - C:\WINDOWS\
O23 - Service: System Event Notification SENSSENS (SENSSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Shell Hardware Detection ShellHWDetectionAlerter (ShellHWDetectionAlerter) - Unknown owner - C:\WINDOWS\
O23 - Service: Print Spooler SpoolerNetlogon (SpoolerNetlogon) - Unknown owner - C:\WINDOWS\
O23 - Service: Print Spooler SpoolerPolicyAgentRpcLocator (SpoolerPolicyAgentRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srserviceNtmsSvc (srserviceNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: System Restore Service srserviceWebClient (srserviceWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Image Acquisition (WIA) stisvcVSS (stisvcVSS) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Image Acquisition (WIA) stisvcVSS stisvcVSSEventSystem (stisvcVSSEventSystem) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Image Acquisition (WIA) stisvcVSS stisvcVSSEventSystem stisvcVSSEventSystemdmserver (stisvcVSSEventSystemdmserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Telnet TlntSvrShellHWDetection (TlntSvrShellHWDetection) - Unknown owner - C:\WINDOWS\
O23 - Service: Telnet TlntSvrSpooler (TlntSvrSpooler) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Link Tracking Client TrkWksAlerterW32TimeUPS (TrkWksAlerterW32TimeUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: Volume Shadow Copy VSSEventlog (VSSEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Time W32TimeUPS (W32TimeUPS) - Unknown owner - C:\WINDOWS\
O23 - Service: WebClient WebClient Service (WebClient Service) - Unknown owner - C:\WINDOWS\
O23 - Service: WebClient WebClient Service WebClientAudioSrvNetlogon (WebClientAudioSrvNetlogon) - Unknown owner - C:\WINDOWS\
O23 - Service: WMI Performance Adapter WmiApSrvgusvc (WmiApSrvgusvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Management Instrumentation Driver Extensions WmiMSDTC (WmiMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Center wscsvc Service (wscsvc Service) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcstisvc (WudfSvcstisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Wireless Zero Configuration WZCSVCTlntSvrShellHWDetection (WZCSVCTlntSvrShellHWDetection) - Unknown owner - C:\WINDOWS\

--
End of file - 12873 bytes

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 06 September 2008 - 03:06 AM

Hello and welcome to BC..


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 14 September 2008 - 05:09 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users