
Please help w/ferocious... Trojan Horse generic2.



#1
paydaydoc

    Member

  • 19 posts
Hello!
Thank you so much for being available to us! I acquired the lovely Trojan Horse Generic2. about 3 days ago and it has been making my life a bowl full of cherries. Nothing I do gets rid of it completely. I have done everything ya'll asked before posting so here goes with the info. (The last thing I have left is the SP2, but ya'll said not to install it if you still have a malware, so I did not install it.)
If you can please help, I would be sooooooooooooooo appreciative!

Lori :whistling:)


Logfile of HijackThis v1.99.1
Scan saved at 3:56:48 PM, on 10/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\kernels8.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lori Sims-Martinez\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...t...c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...t...c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...t...c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP07994 - {78FF8577-D6CA-40b1-A0EB-4DD4D4082941} - C:\PROGRA~1\FREETR~1\SINGLE~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Free Traffic Bar by E-Business Tutor - {020B192B-60FC-4301-BFD4-9D86668D3FF8} - C:\Program Files\Free Traffic Bar by E-Business Tutor\singlebar.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Advisor - {9CC2BCE3-96A9-4F2E-A6A4-2B45D93C2FA6} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: Yahoo! Literati - http://download2.gam...nts/y/tt4_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136589605718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136589591953
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

And here is the other stuff if you need it too (which some of this I never heard of...LOL):

Incident Status Location

Adware:Adware/Adsmart Not disinfected c:\windows\system32\kernels8.exe
Adware:adware/coolsavings Not disinfected Windows Registry
Adware:adware/spysheriff Not disinfected Windows Registry
Adware:adware/bravesentry Not disinfected Windows Registry
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Lori Sims-Martinez\Application Data\Install.dat
Dialer:Dialer.HRC Not disinfected C:\Documents and Settings\Lori Sims-Martinez\Local Settings\Temp\5.dlb
Adware:Adware/Adsmart Not disinfected C:\lo-1507609007.exe
Adware:Adware/Adsmart Not disinfected C:\t.inx
Adware:Adware/Adsmart


#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi paydaydoc

Welcome to GTG! :whistling:
  • Please go here using Internet Explorer.
  • Click on "Windows Validation Assistant"
  • Click on the "Validate Now" button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click "continue"
  • When it says "Validation Complete" please click "Continue to return to your previous activity"
  • Copy what it says and paste it here.


#3
paydaydoc

ok...after following your instructions, here is what it said:



Your Certificate of Authenticity does not appear to exhibit Microsoft’s anti-piracy features.

These features are designed to reduce counterfeiting, as well as resist inadvertent damage and tampering. Lack of these features may indicate a problem. Microsoft recommends you contact your local Microsoft Anti-Piracy Hotline for additional information.


Next Step: Compare Anti-Piracy Features on Your CD
To find out which kind of software CD you should have received with your Microsoft Windows operating system, you must answer the following question regarding your COA.


Do the words 'OEM Product' appear beneath the product name in the center of your Certificate of Authenticity?
Yes No



You should have received a recovery solutions CD from your PC manufacturer. To verify that the recovery solutions CD that came with your PC is genuine, please contact your PC manufacturer.


You should have received a Microsoft Windows hologram CD with your PC. Your hologram CD should contain anti-piracy features which can be compared to genuine Microsoft hologram CDs.






More Information
If you would like more information about the costs and dangers of software piracy and why you should care, please visit our "why you should care" and "what you can do" pages. If you are a Software Reseller or OEM System Builder, please visit our Software Reseller page.

#4
Flrman1

That isn't what I wanted. You need to follow the directions I posted above exactly as they are written to get what I am looking for. Please do that.

#5
paydaydoc

I tried to but when active x went in, it scanned my computer and said that it appeared to have a valid code. I honestly didn't see anywhere that it said to put in a product key code. I'll try again I guess.

#6
paydaydoc

Ok...I tried again and it never gives me a place to put my product key code. It automatically checks for validation and says that it appears to be valid but it can't tell so I need to check with my distributor of the computer. What else can I do?

#7
Flrman1

It works if you follow the directions. I don't know what else to tell you.