Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojans that i can't get rid of.

Started by WINDWALKER , Nov 17 2007 09:35 PM

  • Please log in to reply

#1
WINDWALKER
Posted 17 November 2007 - 09:35 PM

WINDWALKER

    New Member

  • Member
  • Pip
  • 1 posts
so i have a problem i noticed my father in law's computer was running slow and the computer is less than ia year old. and after downlaoding another spy removal i found a trojan called trojan 2093 and i couldn't get rid of it i tried other test's and it still came up as a trojan. when i used spyware fighter it has come up with 3 trojans which you can remove it says along with some cookies. but they still keep coming up on the scan! so some how i got to your site and i ran a scan that someone else was reccomended called a combofix and this is the results:


ComboFix 07-11-08.1 - HP_Administrator 2007-11-17 20:47:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.442 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\FVY2P0LU\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.

2007-11-17 20:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 18:48 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-11-17 18:48 <DIR> d-------- C:\Program Files\Common Files\Application
2007-11-17 18:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-17 18:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools
2007-11-17 18:31 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-17 18:31 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-17 18:31 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-17 18:31 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-17 18:31 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-17 16:22 <DIR> d-------- C:\Program Files\Acceleration Software
2007-11-17 16:21 <DIR> d-------- C:\Program Files\eAcceleration
2007-11-17 16:21 <DIR> d-------- C:\Program Files\Common Files\eAcceleration
2007-11-17 16:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\eAcceleration
2007-11-17 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eAcceleration
2007-11-16 12:08 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2007-11-16 12:05 <DIR> d-------- C:\WINDOWS\_is165
2007-11-16 11:57 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Research In Motion
2007-11-15 18:26 56 -r-hs---- C:\WINDOWS\system32\1938CD1FDA.sys
2007-11-15 18:24 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
2007-11-15 18:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Jasc Software Inc
2007-11-15 18:21 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-15 18:20 <DIR> d-------- C:\Program Files\Jasc Software Inc
2007-11-12 18:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2007-11-06 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FunGames
2007-10-25 16:45 <DIR> d-------- C:\users
2007-10-25 16:45 <DIR> d-------- C:\Program Files\RealArcade
2007-10-25 16:45 <DIR> d-------- C:\My Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 02:02 --------- d-----w C:\Program Files\Trillian
2007-11-17 04:03 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-11-16 21:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\MSN6
2007-11-16 17:41 170 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-11-13 16:36 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-13 01:52 --------- d-----w C:\Program Files\LimeWire
2007-11-13 01:20 --------- d-----w C:\Program Files\Yahoo!
2007-11-13 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 01:17 --------- d-----w C:\Program Files\Coupons
2007-11-13 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-12 23:53 --------- d-----w C:\Program Files\Java
2007-10-16 15:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-13 04:59 --------- d-----w C:\Program Files\The Weather Channel FW
2007-10-13 03:10 --------- d-----w C:\Program Files\AskPBar
2007-10-07 19:23 --------- d-----w C:\Program Files\HP Games
2007-10-02 04:42 --------- d-----w C:\Program Files\DISC
2007-10-02 02:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-02 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-02 02:14 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2007-10-02 02:13 --------- d-----w C:\Program Files\Symantec
2007-10-02 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-01-26 23:34 251 -c--a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 22:01]
"ftutil2"="ftutil2.dll" [2004-06-07 15:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 21:05 C:\WINDOWS\RTHDCPL.EXE]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-23 13:44]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-23 13:40]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 15:15]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 10:05]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-20 11:00]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2006-11-07 21:07]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-06-29 17:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 08:53]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 18:12]
"StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [2007-11-01 10:58]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2007-11-01 10:58]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [2007-11-05 14:02]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 19:45]
"RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"StopSignSsSsMon"=Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-10-20 11:15:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\Userinit.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-11-18 02:02:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-14 09:07:28 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-11-17 15:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 20:53:59
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 20:56:24 - machine was rebooted
.
--- E O F ---





and i still have the trojans. so i came back here and downloaded super anti spyware and it came back with 2 tracking cookies and a cleaner trial so far what else can i do?
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP