webslinger760

Members
 View Profile  See their activity

  • Content Count

    1

  • Joined

  • Last visited

 Content Type 

Posts posted by webslinger760

  1. Antivirusxp08 Removal?

    in Malware Removal

    Posted

    Looks like I got AntivirusXP08 too.

    Here is the logfile. what can I do:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:20:52 PM, on 7/17/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    C:\Program Files\Network Associates\VirusScan\Mcshield.exe

    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

    C:\lotus\notes\ntmulti.exe

    C:\Program Files\PatchLink\Update Agent\GravitixService.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    C:\WINDOWS\system32\dpmw32.exe

    C:\WINDOWS\system32\NWTRAY.EXE

    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

    C:\Program Files\PatchLink\Update Agent\pddm.exe

    C:\WINDOWS\system32\lphc7l3j0e55g.exe

    C:\Program Files\rhc3l3j0e55g\rhc3l3j0e55g.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\pphc7l3j0e55g.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070116

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070116

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.20.11.3:8002;https=172.20.11.3:8002

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.20.11.4; 172.20.11.9; 172.20.11.7; anakin.safilousa.com; insite; 172.20.15.126; *.local; findev.safilousa.com; finprod.safilousa.com;<local>

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O1 - Hosts: 172.20.11.199 OBIWAN

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe

    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [lphc7l3j0e55g] C:\WINDOWS\system32\lphc7l3j0e55g.exe

    O4 - HKLM\..\Run: [sMrhc3l3j0e55g] C:\Program Files\rhc3l3j0e55g\rhc3l3j0e55g.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...04YYUS_ZZzer000

    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O15 - Trusted Zone: http://*.172.20.11.9

    O15 - Trusted Zone: http://anakin.safilousa.com

    O15 - Trusted Zone: *.172.20.15.126 (HKLM)

    O15 - ESC Trusted Zone: *.172.20.15.126 (HKLM)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

    O16 - DPF: {23DCBD12-69D8-4622-A5D6-4FE39FC51ECE} (DocumentX.DocMgr) - http://172.20.11.9/DocumentX.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169484716968

    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://webmail.safilousa.com/InternalSite/WhlCompMgr.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{37FB1010-C246-46B7-B4B3-E1226C137A66}: NameServer = 172.20.11.13,199.0.16.222

    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe

    O23 - Service: PatchLink Update - PatchLink Corporation - C:\Program Files\PatchLink\Update Agent\GravitixService.exe

    --

    End of file - 9358 bytes