
Spybot/norton's Can't Remove Trojans


  • This topic is locked
2 replies to this topic

#1 Longnine009

Longnine009

  • Members
  • 1 posts

Posted 02 May 2008 - 04:06 PM

Hello: I have trojans that Spybot can't remove. I get messages about a problem with C:/program files/Spybot-search-destroy/includes/trojans.sbi and C:/program files/spybot-search-destroy/includes/trojansC.sbi. When I try to install Spybot's 152 version I get "The setup files are corrupted. Please obtain a new copy of the program." Norton's is hopeless. I can't even get it to auto scan email.

When I open a folder I usually get IE pop ups, even when I'm not using IE, such as "system message," or "view manager wants to access the Internet." Or an IE message such as "Notice: Your computer is infected. you could suffer data loss, erratic PC behavior PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC. To prevent all these problems do you want to install Trusted Antivirus to scan your PC for malware now?"

I also sometimes get messages that Outlook Express wants to send messages. Haven't seen "ET phone home" yet but I'm expecting that any day now.

I sure hope someone can help me with this garbage.
Sincerely,
Bill

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-01 17:50:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-05-01 21:50:59 UTC - RP7 - Deckard's System Scanner Restore Point
1: 2008-05-01 21:21:48 UTC - RP6 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:06 PM, on 5/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {B04A6E56-5D85-4170-A24B-853A6ECBF1AD} - c:\windows\system32\cryptextl.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CBDB4E0B-A258-42A1-BCDF-7B39D6471629} - C:\WINDOWS\System32\drmv2cltw.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\Atguard\iamapp.exe
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\System32\Launcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Winsock32driver] winXPupdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127975222109
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1A16395-1C9C-42C8-BA5F-6DAA9AD77857}: NameServer = 205.152.144.23 205.152.132.23
O20 - Winlogon Notify: wgxeebyr - C:\WINDOWS\SYSTEM32\cryptextl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: WRQ IAM (iamServ) - WRQ, Inc. - C:\Program Files\Atguard\iamserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - - (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9880 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 yfcoaugr - c:\windows\system32\drivers\flssqymz.dat
R1 Iamdrv - c:\program files\atguard\iamdrv.sys <Not Verified; WRQ, Inc.; AtGuard>
R2 ppsio2 (PPDevice) - c:\windows\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 DNSFILT - c:\program files\atguard\dnsfilt.sys <Not Verified; WRQ, Inc.; AtGuard>
R3 FWFILT - c:\program files\atguard\fwfilt.sys <Not Verified; WRQ, Inc.; AtGuard>
R3 HTTPFILT - c:\program files\atguard\httpfilt.sys <Not Verified; WRQ, Inc.; AtGuard>
R3 NDISFILT - c:\program files\atguard\ndisfilt.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 SAVRT - - (file missing)
S2 USBAtapi2000 (USB-IDE Bridge) - c:\windows\system32\drivers\sci1pl.sys <Not Verified; ; USB-IDE/ATAPI Bridge Driver>
S3 Intels51 (Intel® 536EP Modem) - c:\windows\system32\drivers\intels51.sys
S3 PLSCSI - c:\windows\system32\drivers\sci0pl.sys <Not Verified; ; SCSI Mini Port Driver>
S4 SYMTDI - - (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ccEvtMgr (Symantec Event Manager) - - (file missing)
S2 iamServ (WRQ IAM) - c:\program files\atguard\iamserv.exe <Not Verified; WRQ, Inc.; AtGuard>
S2 SNDSrvc (Symantec Network Drivers Service) - - (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-13 19:06:20 482 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-05-01 17:33:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 17:33:48 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-05-01 03:13:13 0 d-------- C:\Program Files\Trend Micro
2008-04-24 16:25:32 0 d-------- C:\Documents and Settings\Owner\Application Data\EPSON
2008-04-24 16:22:43 0 d-------- C:\EPSONREG
2008-04-24 16:19:58 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-04-24 16:19:17 11776 --a------ C:\WINDOWS\System32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
2008-04-24 16:18:39 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-24 16:18:39 0 d-------- C:\Program Files\ArcSoft
2008-04-24 16:16:20 73220 --a------ C:\WINDOWS\System32\EPPICPrinterDB.dat
2008-04-24 16:16:19 1140 --a------ C:\WINDOWS\System32\EPPICPresetData_PT.dat
2008-04-24 16:16:19 1130 --a------ C:\WINDOWS\System32\EPPICPresetData_FR.dat
2008-04-24 16:16:19 1137 --a------ C:\WINDOWS\System32\EPPICPresetData_ES.dat
2008-04-24 16:16:19 1104 --a------ C:\WINDOWS\System32\EPPICPresetData_EN.dat
2008-04-24 16:16:19 1130 --a------ C:\WINDOWS\System32\EPPICPresetData_CF.dat
2008-04-24 16:16:19 1140 --a------ C:\WINDOWS\System32\EPPICPresetData_BP.dat
2008-04-24 16:16:19 4943 --a------ C:\WINDOWS\System32\EPPICPattern6.dat
2008-04-24 16:16:19 15670 --a------ C:\WINDOWS\System32\EPPICPattern5.dat
2008-04-24 16:16:19 10673 --a------ C:\WINDOWS\System32\EPPICPattern4.dat
2008-04-24 16:16:19 21021 --a------ C:\WINDOWS\System32\EPPICPattern3.dat
2008-04-24 16:16:19 13280 --a------ C:\WINDOWS\System32\EPPICPattern2.dat
2008-04-24 16:16:19 31053 --a------ C:\WINDOWS\System32\EPPICPattern131.dat
2008-04-24 16:16:19 27417 --a------ C:\WINDOWS\System32\EPPICPattern121.dat
2008-04-24 16:16:19 29114 --a------ C:\WINDOWS\System32\EPPICPattern1.dat
2008-04-24 16:16:18 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-24 16:10:20 0 d-------- C:\Program Files\epson
2008-04-17 22:09:08 0 d-------- C:\Program Files\CONEXANT
2008-04-11 22:25:23 642958 -ra------ C:\WINDOWS\System32\drivers\Intels51.sys
2008-04-11 22:09:46 0 d-------- C:\WINDOWS\LastGood
2008-04-11 21:53:56 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-04-11 20:48:37 0 d-------- C:\WINDOWS\Profiles
2008-04-09 23:12:44 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-04-06 19:33:08 0 d-------- C:\Program Files\Common Files\Mozilla Shared
2008-04-06 19:32:52 6490880 --a------ C:\WINDOWS\System32\uklhjqbz.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-01 15:57:44 0 d-------- C:\Program Files\Common Files
2008-04-26 18:41:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-24 16:14:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-22 18:34:10 43264 --a------ C:\WINDOWS\System32\nbugbeyx.dat
2008-04-16 18:20:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-13 21:08:03 35584 --a------ C:\WINDOWS\System32\udeetiyy.dat
2008-04-13 21:08:03 36608 --a------ C:\WINDOWS\System32\qqsutszg.dat
2008-04-11 20:48:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-01 09:56:44 638208 --a------ C:\WINDOWS\System32\xjcreaam.dat
2008-03-19 21:59:11 3888 --a------ C:\WINDOWS\viassary-hp.reg
2008-03-06 05:48:03 0 d-------- C:\Program Files\mIRC
2008-03-06 03:47:50 96768 --a------ C:\WINDOWS\System32\drmv2cltw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B04A6E56-5D85-4170-A24B-853A6ECBF1AD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBDB4E0B-A258-42A1-BCDF-7B39D6471629}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [01/26/2004 06:24 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 08:04 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/20/2004 04:51 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 07:23 AM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 07:15 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 11:02 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 12:01 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/26/2004 08:29 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [11/03/2003 08:50 PM]
"VTTimer"="VTTimer.exe" []
"ccApp"="-" []
"LTMSG"="LTMSG.exe" [07/14/2003 09:52 PM C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [09/12/2003 11:13 PM]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [12/11/2003 05:40 AM]
"iamapp"="C:\PROGRA~1\Atguard\iamapp.exe" [10/12/1999 03:52 PM]
"PrimaLauncher"="C:\WINDOWS\System32\Launcher.exe" [03/31/1999 05:24 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/16/2004 06:58 PM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/2004 05:59 PM]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [04/19/2004 12:06 PM]
"Winsock32driver"="winXPupdate.exe" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/20/2004 04:55 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [04/28/2005 04:41 AM]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/16/2004 04:48 AM]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [10/12/2006 03:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [11/15/2004 04:18 PM]
"AIM"="C:\Program Files\AIM95\aim.exe" [04/27/2004 06:18 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [4/24/2004 6:38:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wgxeebyr]
cryptextl.dll 08/15/2003 10:06 PM 82432 C:\WINDOWS\system32\cryptextl.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tfdnotdl




-- End of Deckard's System Scanner: finished at 2008-05-01 17:56:40 ------------


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 3,795 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 04 May 2008 - 12:11 PM

Hi Longnine009

Some backdoor trojans have been/are active on your computer. It is known that these trojans can communicate with remote computers, download and run code, send emails and redirect browser requests. Unfortunately we cannot be sure about what they have done.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

For more information, read here.
If you choose to format and reinstall, read here.

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

Your system is also very out of date:
You still only have SP1 installed.
Your Java is well out of date.
These factors would not have helped in getting infected.



#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 3,795 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 12 May 2008 - 04:15 PM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





