infected by a trojan

View previous topic View next topic Go down

infected by a trojan

Post by kmiller313 on Sun Apr 19, 2009 5:00 pm

have been receiving warnings that a trojan has been detected and is trying to transfer privated data via internet. notices are from winpc antivirus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:04 AM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Zango\bin\10.3.75.0\Weather.exe
C:\Documents and Settings\Owner\Application Data\winav.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1T9BYN1U\hijackgpthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [DIGStream] "C:\Program Files\DIGStream\digstream.exe"
O4 - HKLM\..\Run: [DIGServices] "C:\Program Files\ESPNRunTime\DIGServices.exe" /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINNT\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [ZangoOE] "C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe"
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ShutterflyStudio] "C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe" /trayonly
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
O4 - HKCU\..\Run: [sysav] "C:\Documents and Settings\Owner\Application Data\winav.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: ZyXEL G-220 v2 Wireless Adapter Utility.lnk = ?
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - [You must be registered and logged in to see this link.]
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - [You must be registered and logged in to see this link.]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [You must be registered and logged in to see this link.]
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12968 bytes

THANK YOU!!

kmiller313
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-04-19
OS OS : xp
Points Points : 27880
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected by a trojan

Post by Belahzur on Sun Apr 19, 2009 5:11 pm

Hello.

I strongly recommend you to remove Ask from your computer because it's:

  • Promoting its toolbars on sites targeted to kids.
  • Promoting its toolbars through ads that appear to be part of other companies' sites.
  • Promoting its toolbars through other companies' spyware.
  • Installing without any disclosure whatsoever and without any consent whatsoever.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Ask Toolbar
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [UserFaultCheck] C:\WINNT\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [ZangoOE] "C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe"
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
    O4 - HKCU\..\Run: [sysav] "C:\Documents and Settings\Owner\Application Data\winav.exe"
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: infected by a trojan

Post by kmiller313 on Sun Apr 19, 2009 7:48 pm

i did everything you suggested. here is the MBAM log. Thanks for your help.
Malwarebytes' Anti-Malware 1.36
Database version: 2009
Windows 5.1.2600 Service Pack 2
4/19/2009 2:12:58 PM
mbam-log-2009-04-19 (14-12-58).txt
Scan type: Quick Scan
Objects scanned: 93154
Time elapsed: 14 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 105
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 48
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (Adware.Need2Find) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0729f461-8054-47dc-8d39-a31b61cc0119} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40ca90f3-4098-4877-ae87-23eb612b18c7} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c3b62af-ca25-4fba-8405-32e44f83bb6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a635a91-c303-45c9-8db9-f759d98a3b9d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e335d04-2e6e-4d0e-a921-c3d9192e7121} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b20d7add-989c-4bc0-a797-f6fe7998efd7} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bfc20a15-b0ac-44cc-a25a-a7039014ba9f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f019aec4-4c95-46de-a107-e302473e3b9a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d00aa2a-69ef-487a-8a40-b3e27f07c91e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86c5840b-80c4-4c30-a655-37344a542009} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4d1c4e80-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d1c4e8a-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d1c4e8c-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e89-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e8b-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{630d6140-04c5-4db0-b27a-020d766ff09b} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{148e1447-c728-48fd-beec-a7d06c5fff58} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ee46f55-1ce1-4db9-811a-68938ec7f3dd} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a87dfd99-cf81-4241-85ce-881e0026b686} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c96b9fae-a032-4100-bb47-32ef05e28be4} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14113b47-d59c-4f0f-9d10-ff1730265584} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9c42a57-421c-4572-8b12-249c59183d1c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8292078f-f6e9-412b-8eb1-360c05c5ece5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2447e305-5e90-42a8-bd1e-0bc333b807e1} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50d2fdcc-2707-49cb-8223-7fe0424909aa} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{878ce013-7ba9-4650-a78c-b2234c0c1648} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5b6fa30-d317-41ca-9cb1-c898d3c7f34e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc19a5f2-b4ad-41d5-a5c9-0680904c1483} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{03d7ff6e-9781-40b5-bb7f-94291a361604} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3ceb04ab-08af-45f4-81b4-70d13c1f7b85} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a7213d71-47e1-4832-92d7-d61dfe9f231f} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf82f350-e1c4-4916-ac12-ba73db60afb7} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c62a9e79-2b52-439b-af57-2e60bb06e86c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{15fd8424-d12a-4c51-8c6c-d5d57b80f781} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{67b3becf-7b6f-42b2-99f0-f7656f89cffa} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{715ffd42-4e05-4eab-9513-c8daa5395ae2} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{759d6f7c-8d30-45b6-abea-fa51c190eed5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a4a64a4-a2fb-48fa-9bba-1ac50267695d} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62906e60-bce2-4e1b-9ed0-8b9042ee15e4} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9bfa98d-9935-4ea4-a05a-72c7f0778f02} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{abec1835-3181-4abd-8dde-875aec4df6d2} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0af9a087-0cbf-46b2-9dc9-52d0d16b5ab6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a56fe01c-77c4-4f5e-8198-e4b72207890a} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{af55160d-cde1-4a8b-8001-66da06bee740} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{89085678-632d-4deb-bda0-cd912c63203e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinPC Antivirus (Rogue.WinPCAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINNT\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.75.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.75.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.

kmiller313
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-04-19
OS OS : xp
Points Points : 27880
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected by a trojan

Post by Belahzur on Sun Apr 19, 2009 8:06 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: infected by a trojan

Post by kmiller313 on Sun Apr 19, 2009 8:14 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 15:10:24.17 on Sun 04/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.218 [GMT -5:00]


============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\ZyXEL\ZyXEL G-220 v2 Wireless Adapter Utility\ZyXEL G-220 v2.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [ShutterflyStudio] "c:\program files\shutterfly\studio\bin\SFlyStudio.exe" /trayonly
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [Gateway Ink Monitor] "c:\program files\gateway utilities\GWInkMonitor.exe"
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
mRun: [IPInSightLAN 01] "c:\program files\verizon online\visual ip insight\IPClient.exe" -l
mRun: [IPInSightMonitor 01] "c:\program files\verizon online\visual ip insight\IPMon32.exe"
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [nwiz] "nwiz.exe" /install
mRun: [EPSON Stylus Photo R320 Series] "c:\winnt\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
mRun: [DIGStream] "c:\program files\digstream\digstream.exe"
mRun: [DIGServices] "c:\program files\espnruntime\DIGServices.exe" /brand=ESPN /priority=0 /poll=24
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\verizo~1.lnk - c:\program files\verizon online\supportcenter\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zyxelg~1.lnk - c:\program files\zyxel\zyxel g-220 v2 wireless adapter utility\ZyXEL G-220 v2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\verizon online\verizon online control pad\VerizonControlPad.Exe
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Yahoo! Word Racer - [You must be registered and logged in to see this link.]
DPF: {205FF73B-CA67-11D5-99DD-444553540006} - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - [You must be registered and logged in to see this link.]
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - [You must be registered and logged in to see this link.]
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 ATMhelpr;ATMhelpr;c:\winnt\system32\drivers\ATMHELPR.SYS [2005-7-20 4064]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-1-16 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-1-16 255136]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-1-16 234656]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2003-8-17 158664]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2007-5-17 3379264]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\winnt\system32\ZDCndis5.sys [2007-7-18 19072]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040407.017\NAVENG.Sys [2004-4-7 67752]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040407.017\NavEx15.Sys [2004-4-7 598632]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-1-16 308416]
S2 SBService;scriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-1-16 87200]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2004-1-16 193816]
S3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\winnt\system32\drivers\WlanGZXP.SYS [2007-7-18 402944]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

=============== Created Last 30 ================

2009-04-19 13:21 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-19 13:21 15,504 a------- c:\winnt\system32\drivers\mbam.sys
2009-04-19 13:21 38,496 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-04-19 13:21 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-19 13:21 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-19 11:01 410,984 a------- c:\winnt\system32\deploytk.dll
2009-04-19 11:01 73,728 a------- c:\winnt\system32\javacpl.cpl
2009-04-15 06:47 283,648 -------- c:\winnt\system32\dllcache\pdh.dll
2009-04-15 06:47 60,416 -------- c:\winnt\system32\dllcache\colbact.dll
2009-04-15 06:47 399,360 -------- c:\winnt\system32\dllcache\rpcss.dll
2009-04-15 06:47 473,088 -------- c:\winnt\system32\dllcache\fastprox.dll
2009-04-15 06:47 453,120 -------- c:\winnt\system32\dllcache\wmiprvsd.dll
2009-04-15 06:47 227,840 -------- c:\winnt\system32\dllcache\wmiprvse.exe
2009-04-15 06:47 110,592 -------- c:\winnt\system32\dllcache\services.exe
2009-04-15 06:47 616,960 -------- c:\winnt\system32\dllcache\advapi32.dll
2009-04-15 06:47 714,752 -------- c:\winnt\system32\dllcache\ntdll.dll
2009-04-15 06:46 215,552 -------- c:\winnt\system32\dllcache\wordpad.exe
2009-04-08 23:57 --d----- c:\program files\iTunes
2009-04-08 23:57 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-22 18:59 --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-22 18:52 1,900,544 a------- c:\winnt\system32\usbaaplrc.dll
2009-03-22 18:52 36,864 a------- c:\winnt\system32\drivers\usbaapl.sys
2009-03-22 18:40 --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-04-16 18:34 41,098 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2009-04-15 12:33 22,640 a------- c:\docume~1\owner\applic~1\ViewerApp.dat
2009-03-21 09:18 986,112 -------- c:\winnt\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\winnt\system32\drivers\GEARAspiWDM.sys
2009-03-06 09:44 283,648 a------- c:\winnt\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\winnt\system32\wininet.dll
2009-03-02 19:18 826,368 a------- c:\winnt\system32\dllcache\wininet.dll
2009-02-27 23:54 636,072 -------- c:\winnt\system32\dllcache\iexplore.exe
2009-02-20 05:20 70,656 a------- c:\winnt\system32\dllcache\ie4uinit.exe
2009-02-20 05:20 13,824 -------- c:\winnt\system32\dllcache\ieudinit.exe
2009-02-20 00:14 161,792 a------- c:\winnt\system32\dllcache\ieakui.dll
2009-02-09 05:20 723,456 a------- c:\winnt\system32\lsasrv.dll
2009-02-09 05:20 399,360 a------- c:\winnt\system32\rpcss.dll
2009-02-09 05:20 723,456 -------- c:\winnt\system32\dllcache\lsasrv.dll
2009-02-09 05:20 714,752 a------- c:\winnt\system32\ntdll.dll
2009-02-09 05:20 616,960 a------- c:\winnt\system32\advapi32.dll
2009-02-09 05:19 1,846,272 a------- c:\winnt\system32\win32k.sys
2009-02-09 05:19 1,846,272 -------- c:\winnt\system32\dllcache\win32k.sys
2009-02-06 12:24 2,180,480 -------- c:\winnt\system32\dllcache\ntoskrnl.exe
2009-02-06 12:22 2,136,064 a------- c:\winnt\system32\ntoskrnl.exe
2009-02-06 12:22 2,136,064 -------- c:\winnt\system32\dllcache\ntkrnlmp.exe
2009-02-06 12:14 110,592 a------- c:\winnt\system32\services.exe
2009-02-06 11:54 35,328 a------- c:\winnt\system32\sc.exe
2009-02-06 11:54 35,328 a------- c:\winnt\system32\dllcache\sc.exe
2009-02-06 11:49 2,015,744 a------- c:\winnt\system32\ntkrnlpa.exe
2009-02-06 11:49 2,057,728 -------- c:\winnt\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:49 2,015,744 -------- c:\winnt\system32\dllcache\ntkrpamp.exe
2009-02-03 15:08 55,808 a------- c:\winnt\system32\secur32.dll
2009-02-03 15:08 55,808 -------- c:\winnt\system32\dllcache\secur32.dll
2008-03-29 11:21 117,592 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2007-03-07 19:10 56,912 a------- c:\documents and settings\owner\g2mdlhlpx.exe
2006-11-30 20:57 630,784 a------- c:\documents and settings\owner\chatlnk.exe
2004-10-25 18:31 56 -c-shr-- c:\winnt\system32\A6A088FB89.sys
2004-10-25 18:31 1,682 ac-sh--- c:\winnt\system32\KGyGaAvL.sys

============= FINISH: 15:11:40.37 ===============

kmiller313
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-04-19
OS OS : xp
Points Points : 27880
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected by a trojan

Post by Belahzur on Sun Apr 19, 2009 8:18 pm

Hello.
Looks good, but I need to see what's installed.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: infected by a trojan

Post by kmiller313 on Sun Apr 19, 2009 9:09 pm

Hello.
Save List....
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat Reader 3.01
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe PhotoDeluxe Home Edition 3.1
Adobe Type Manager 4.0
Adobe® Photoshop® Album Starter Edition 3.2
Ahead Nero BurnRights
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Arthur's Thinking Games
Bonjour
BUM
CC_ccStart
ccCommon
CCleaner (remove only)
Coupon Printer for Windows
Creative Driver
Critical Update for Windows Media Player 11 (KB959772)
Disney's Toontown Online
DivX Player
DivX Pro Trial
DoMore
DVD
EPSON CardMonitor
EPSON PhotoCenter
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
EPSON Web-To-Page
ESPN RunTime
ESPR320 Reference Guide
Excavation from Gateway (remove only)
Film Factory
Gateway Ink Monitor
Gateway Rhapsody
Glary Registry Repair 3.0
Google Earth
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Image Transfer
ImageMixer for Sony
Intel(R) 537EP Data Fax Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterActual Player
iPod Update 2004-04-28
iTunes
Java(TM) 6 Update 13
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
MathPlayer
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Express 7.0
Microsoft Picture It! Photo Premium 9
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
MobileMe Control Panel
MSN Music Assistant
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MUSICMATCH® Jukebox
Need2Find Bar
Nero OEM
Netflix Movie Viewer
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
NVIDIA Drivers
Orbital from Gateway (remove only)
Otto from Gateway (remove only)
Overball from Gateway (remove only)
PC-Doctor for Windows
Picture Package
Picture Package Music Transfer
Polar Bowler from Gateway (remove only)
Print Lab Series
Professor Franklin
QuickTime
Reader Rabbit's 1st Grade
RealPlayer
Registry Mechanic 7.0
Roxio Easy DVD Copy
Safari
Scholastic's I SPY Spooky Mansion
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shockwave
Shutterfly Studio
Slyder from Gateway (remove only)
Smart Link 56K Modem
Sony Picture Utility
Sony USB Driver
Spy Sweeper
Symantec Script Blocking Installer
SymNet
U.B. Funkeys
Uninstall Dual Mode Camera
Unity Web Player
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Verizon Online Control Pad
Verizon Online Help and Support
Verizon Online Support Center
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Visual IP InSight(Verizon Online)
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Wizard101
Yahoo! Photos Easy Upload Tool 1v7
ZyXEL G-220 v2 Wireless Adapter Utility

kmiller313
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-04-19
OS OS : xp
Points Points : 27880
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected by a trojan

Post by Belahzur on Sun Apr 19, 2009 9:25 pm

I see you have Viewpoint Manager, this is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". See [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.] for more info.

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Need2Find Bar
  • Viewpoint Manager (Remove Only)
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • WildTangent Web Driver
Then please find and delete this folder in bold (if present):
C:\Program Files\Viewpoint


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: infected by a trojan

Post by kmiller313 on Sun Apr 19, 2009 11:19 pm

Thank you!
It won't allow me to remove Need2Find Bar. A message comes up that says the specified module cannot be found.
Everything else is gone.

kmiller313
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-04-19
OS OS : xp
Points Points : 27880
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected by a trojan

Post by Belahzur on Mon Apr 20, 2009 12:45 am

Okay, doesn't matter then.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum