ComputerForum.com ComputerForum.com  

Go Back   Computer Forum > Computer Software > Computer Security
trojan wont go away even with trojan remover trojan wont go away even with trojan remover
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
Old 02-26-2008, 12:41 PM   #1 (permalink)
Bronze Member
 
Join Date: Dec 2007
Posts: 30
Default trojan wont go away even with trojan remover
This is the trojan remover log plz tell me wat 2 do. Theres more 2 this but the website wont let me put the whole log on here it says its 2 many characters. Anyway if this isnt wat u need plz tell me which parts of the log i need 2 post thx
================================================== ================
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.7.2517. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 2/26/2008 12:32:49 PM
Using Database v6941
Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Owner\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
[AV Warnings are suppressed]
AVG Anti-Spyware

**************************************************


**************************************************
12:32:49 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
12:32:50 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
12:32:50 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
12:32:51 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033216 bytes
Created: 12/8/2007
Modified: 6/13/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
24576 bytes
Created: 12/7/2007
Modified: 8/4/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 12/8/2007
Modified: 8/4/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: hpsysdrv
Value Data: c:\windows\system\hpsysdrv.exe
c:\windows\system\hpsysdrv.exe
52736 bytes
Created: 2/20/2003
Modified: 5/8/1998
Company: Hewlett-Packard Company
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 8/20/2004
Modified: 6/21/2005
Company: Intel Corporation
--------------------
Value Name: Share-to-Web Namespace Daemon
Value Data: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
69632 bytes
Created: 4/18/2002
Modified: 4/18/2002
Company: Hewlett-Packard
--------------------
Value Name: KBD
Value Data: C:\HP\KBD\KBD.EXE
C:\HP\KBD\KBD.EXE
61440 bytes
Created: 2/20/2003
Modified: 7/7/2001
Company: Hewlett-Packard Company
--------------------
Value Name: Recguard
Value Data: C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
212992 bytes
Created: 2/20/2003
Modified: 9/14/2002
Company:
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
372736 bytes
Created: 2/20/2003
Modified: 9/10/2002
Company: NVIDIA Corporation
--------------------
__________________
GRAW 2 PROFESSIONAL SNIPER
Last edited by wargamedt; 02-26-2008 at 12:43 PM. Reason: more info
wargamedt is offline   Reply With Quote


Old 02-26-2008, 12:49 PM   #2 (permalink)
Diamond Member
 
ghost's Avatar
 
Join Date: Sep 2005
Posts: 2,093
Default
Could you post a hijackthis log please.

Download hijackthis here.

Run the software, do a scan and save log, copy the log content and post here.
__________________
ASUS A8N SLi Deluxe
Corsair 2GB DDR XMS3200XL Pro TwinX (4x512MB)
AMD Athlon 64 X2 939 4600+ @ 2.6 Ghz
ATi Radeon HD 3850 @ 680/844
80GB SATA HDD/200GB PATA HDD
1x DVDRW DL
485W PSU, Alpha watercooling
ghost is offline   Reply With Quote
Old 02-26-2008, 12:57 PM   #3 (permalink)
Bronze Member
 
Join Date: Dec 2007
Posts: 30
Default
Quote:
Originally Posted by ghost View Post
Could you post a hijackthis log please.

Download hijackthis here.

Run the software, do a scan and save log, copy the log content and post here.
================================================== ========
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:03:52 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CallingID\Light\CIDGlobalLight.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {45C2A50F-8F4A-496E-AF02-D0207525BF5A} - C:\WINDOWS\system32\jkkjjjk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ED782DC9-3957-48B7-871A-E2D2E8DDB1C5} - C:\WINDOWS\system32\vtutq.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe " -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: jkkjjjk - C:\WINDOWS\SYSTEM32\jkkjjjk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9942 bytes
__________________
GRAW 2 PROFESSIONAL SNIPER
wargamedt is offline   Reply With Quote
Old 02-26-2008, 01:00 PM   #4 (permalink)
Diamond Member
 
ghost's Avatar
 
Join Date: Sep 2005
Posts: 2,093
Default
Yup you have some nasties in there, I will reply soon (hopefully with a solution) if not someone else will.
__________________
ASUS A8N SLi Deluxe
Corsair 2GB DDR XMS3200XL Pro TwinX (4x512MB)
AMD Athlon 64 X2 939 4600+ @ 2.6 Ghz
ATi Radeon HD 3850 @ 680/844
80GB SATA HDD/200GB PATA HDD
1x DVDRW DL
485W PSU, Alpha watercooling
ghost is offline   Reply With Quote
Old 02-26-2008, 05:10 PM   #5 (permalink)
Bronze Member
 
Join Date: Dec 2007
Posts: 30
Default
Quote:
Originally Posted by ghost View Post
Yup you have some nasties in there, I will reply soon (hopefully with a solution) if not someone else will.
actually no need I emailed simply super software the company that makes the trojan remover program and he emailed me an attachment which when added to trojan remover effectively removes this virus. But thanks for looking into it all the same.
__________________
GRAW 2 PROFESSIONAL SNIPER
wargamedt is offline   Reply With Quote


Old 02-26-2008, 08:48 PM   #6 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 17
Posts: 3,972
Default
OK, if you have any problems and need some help, please post a new HijackThis log ( scanned right before you post here, of course ).
Please be sure to download it from here this time.
__________________
dznutz:
Quote:
a firewall is like a gate. it keeps the bad people out and the dog in but it's not fool proof. but lets say you download and run an infected program. that will be like letting in a "friend." if it's infected you run that program you can get malware. that's like a friend raping your family and stealing your money.
GameMaster is offline   Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
System Alert!! Fake! Re: anti-vermins.com J_D Computer Security 5 01-07-2007 01:36 PM
Trojan Horse Win32:Delf-Ado problem SirJay Computer Security 13 05-08-2006 05:44 PM
Looking for good trojan remover.. Hobo_man Computer Security 1 01-01-2006 05:00 AM
Trojan Remover samurai340 General Computer Chat 1 03-30-2005 03:46 PM
how to remove a trojan Emptyevergreen Internet Discussion 4 08-21-2004 09:44 PM


All times are GMT +1. The time now is 11:47 PM.

Contact Us - Computer Forum - Sitemap - Top

Powered by: vBulletin Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.0 ©2009, Crawlability, Inc.
Copyright © 2002-2009 Computer Forum - Internet Business - Web Design Forum