Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Trojan Removal

Unread postby Greyhound » December 19th, 2007, 3:11 pm

Is this what you need from under line 10 in Step 1.

viewtopic.php?f=11&t=26041
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm
Advertisement
Register to Remove

Re: Trojan Removal

Unread postby Greyhound » December 19th, 2007, 8:14 pm

I hope this is what you need.

Link:
viewtopic.php?f=11&t=26041

AVG Scan Report:
Created at: 7:03:27 PM 12/19/2007

+ Scan result:



C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP434\A0033217.exe -> Backdoor.Agent.cxf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP422\A0029769.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0030785.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0031243.exe -> Proxy.Wopla.ao : Cleaned with backup (quarantined).


::Report end

HijackThisLog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:03 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE" /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Digital Patrol Update 5] "C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe" /autoupdate
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [The Rush Limbaugh Show] "C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" /noopen
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.1.74.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3218979578
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {AF9104F7-D6E9-46CC-8FBF-BBE2FB05E3CF} - https://www.optionsxpress.com/toolbox/t ... oolbar.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C791E32C-20A5-45AD-8A3B-425A2E65F157}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (http://www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10290 bytes
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Trojan Removal

Unread postby ndmmxiaomayi » December 19th, 2007, 11:59 pm

Hi Greyhound,

Not the right link, but I found it.

Here's the one which I wanted - http://thespykiller.co.uk/index.php?topic=5523.0

Please go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Click on Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  4. When the downloads have finished, click on Next button.
  5. Click on Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.

In your next reply, please post:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trojan Removal

Unread postby Greyhound » December 20th, 2007, 1:36 pm

Sorry for not sending you the correct link.

Kaspersky:
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 20, 2007 12:30:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/12/2007
Kaspersky Anti-Virus database records: 490471
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 218185
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:33:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12082007-221106.log Object is locked skipped
C:\Documents and Settings\Jack Williams\Application Data\Premiere\Rush 24-7 Media Center.log Object is locked skipped
C:\Documents and Settings\Jack Williams\Application Data\Webroot\Spy Sweeper\Logs\071220092525.ses Object is locked skipped
C:\Documents and Settings\Jack Williams\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jack Williams\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jack Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jack Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jack Williams\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jack Williams\Local Settings\History\History.IE5\MSHist012007122020071221\index.dat Object is locked skipped
C:\Documents and Settings\Jack Williams\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jack Williams\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jack Williams\My Documents\Unpack\jvmsecman.jar-69ee0e0e-1faff2bd.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Jack Williams\My Documents\Unpack\jvmsecman.jar-69ee0e0e-1faff2bd.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jack Williams\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jack Williams\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS021AAD33-238B-4C60-B974-F16B3C7EB3F4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS052FBC8B-FAF3-457E-A04B-0E82684E8A5D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS06F97BD9-76FC-4372-AA9E-70736BD95CB1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS072E564D-A830-4003-90D0-E19AAEBC3449.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS081B076E-12BC-4800-BA16-50E8C26C47D6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0B84E776-E2F3-46A3-AA9C-1CB661F8A0C7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0DC09DA7-FDE6-499D-9109-437C5A142E68.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0E8B4C77-2006-4824-B139-FB1C6888E8BD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0FC4AB9E-32D9-494A-8167-E1E5C2A0DE53.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS12E835F1-BA9C-4E47-9A9D-62C0783BA665.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS21FCB542-FF8D-4A81-B692-F933BCC59753.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS227A1B97-7229-419E-B696-DB798463DAA2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2563DFE8-A8A0-457A-9E83-02AF252AC507.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2BAF4AA5-AFD5-4CCE-BD81-40E96738D5A9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS373604CB-D697-4598-B224-09A56183346C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS37999399-51B8-4E31-8699-301CAD2006A4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS384DEB12-A03F-4CEC-9BD3-4516BC235D86.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS38EE056D-A7BE-4785-8D58-AE822C7853E8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3AA12AE1-17C5-46EC-B2A7-18327F61DED4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3DA2831B-A450-40B7-8835-F2C783E7D881.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3F202CA6-D2DD-4420-B8E8-8B9E2C3AF4BC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3FB5CC06-5E29-401F-BCF1-5117F25A8A40.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS412E34FF-CFAF-4C57-BFDF-851D3FEF60EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS41ABCA9C-3D3D-440A-812F-3F62152EE1A3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS420A3C1C-D190-4DDC-A771-851432C662A0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS43A9FF9A-E1D8-4D77-A107-6D0EA1BBAFB8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS442DA84D-4B32-4D70-88C2-E8108D5799C2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46322EE3-ACF8-47E2-AF23-C26262181DF4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS47A1652A-119F-403A-AF70-65116C1BE657.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4B343252-0C88-4D62-9B69-FF71EF6F6805.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4C878807-2FC7-482B-AB16-4D1813219FCC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS54C49697-DBC0-46A9-9020-398A4DA79D46.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5DE36CBC-0D07-4893-AB8C-6616CA082D4D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS60BB2D5A-0631-424B-89B8-2EFF18E8DE64.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6B27298C-8B8A-4C5A-B205-467116AB97EC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6CB756A3-CF12-47B0-8377-9EE5CD180C6C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6E50279F-68A3-48A3-97AB-E373D9E26237.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7079AD42-1BF7-44BF-B225-F23C0D8A90DF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS712650E9-674D-441B-BDC2-5A5383B2BA60.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS726E85E0-93FA-4D34-9252-FEDE6FCA1DCE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7480721E-E48B-45D0-83B8-B13B5AC9D856.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS76FF9C96-54DA-46CF-B5D2-2E6A65C928BA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS78A8C111-FD85-442A-915F-069952CBD868.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7A7768A2-09C7-4570-90E1-33F181CCB633.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7B7D2237-F2E8-424C-A638-51253FCC54A7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7CAF737F-A4BA-44D2-94BA-6AE68CEBE3AF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7CF5AF34-34DC-4967-A9F8-C5B87A67DEA3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7F3310D1-AFA2-481B-BD12-C84FBDBBD634.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS80EAF6F4-73B9-415C-AC10-81DF6549A0AC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8387F79F-AF4A-4439-8CD6-6DA7F416DF39.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8550A856-2EE6-4CC9-8CAA-B35C54196815.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS87740943-8302-4B3C-B416-D4B7635EED0A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8B14C2D8-D97E-429A-81B4-C33F666C2739.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8BFD7238-EE3A-4FD6-B340-4FBCD64371CB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8E82B918-CF31-4703-9F05-BD18D31EFD17.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS97AE47BC-84E3-4362-9BC1-BC542CC87419.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA1E83364-0461-410D-9E25-89CA8A980CE7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA24D1A81-181B-4ADA-826A-CD67B7FD5F8F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA299FE77-7765-4D73-8C1A-E7140DD9E859.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3AF88C5-58A9-455D-9744-BC4AF316F8B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA4379B16-512A-4611-BC42-8091895B6483.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA46BD42D-F78A-41C1-99B7-E6591E0E743A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA6E64F02-F2E5-4709-AA5B-91C01EE9880F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA8AF5D63-0302-4044-B402-457FC879A980.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAA622FD8-9A8C-4AC3-98DB-DE4F550E893B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB261B98B-F118-4AF5-A2A2-7A679094894B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB54BAF63-14F9-4239-BC01-2732C70A34D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBD66F13F-F24C-44AE-B94A-77BF908266F5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFA0A8C6-D8A5-48A7-8B23-D9AAC2260042.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC0230956-0279-4484-82C1-F6552A0D41C4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC2FC9C03-D42D-4DF7-8199-7DD2515893C8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC997F017-C381-48B5-8175-76A81D1DF31F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCA21B1B5-5332-45D4-98A4-9424DFCF36E4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCA886560-D369-4395-B959-B2D443417E3B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCF49B611-FD25-431A-AFB0-86D0059A6608.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCFBC2757-DDF0-4847-B3F5-25B72D481EB8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCFC5485E-62B4-4B69-83E2-6D298E45788F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD16A4898-7F15-4C89-8602-65949921C403.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD28FEF64-8860-4DEA-93A9-8F3CFCAAC3A4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD405F1E9-C019-493D-B3E8-8A22B9CFE381.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDCEB450D-57F8-4D87-BB1A-070A32893030.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDD73A381-CA92-49AE-8BAA-0FE12A043688.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEBD47D6B-C2D7-4C2F-9F56-0CFB722DB5A4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF0F1A1DB-4102-48D6-8F85-2C937FFA4825.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF46D98C7-EBB1-4DC2-BFBF-F2FF64E2D022.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF4FDF2F5-4D0A-4A4C-8EEB-0AFE0266B823.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF6C46784-0875-40EF-91CC-A6751EC40A4D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF9910D9E-2CC3-4C8F-9487-7DA680A4D687.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFE64B632-58C1-4357-A4C5-1F68B32B8E43.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\Report\ReportU.txt Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe.vir Infected: Trojan.Win32.Qhost.zx skipped
C:\qoobox\Quarantine\C\Documents and Settings\Jack Williams\Start Menu\Programs\Startup\infos.exe.vir Infected: Trojan.Win32.Qhost.zx skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP446\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{53BD1DF1-3A5F-43E4-AE2F-77FCB910C626}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:07 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE" /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Digital Patrol Update 5] "C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe" /autoupdate
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [The Rush Limbaugh Show] "C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" /noopen
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.1.74.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3218979578
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {AF9104F7-D6E9-46CC-8FBF-BBE2FB05E3CF} - https://www.optionsxpress.com/toolbox/t ... oolbar.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C791E32C-20A5-45AD-8A3B-425A2E65F157}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10320 bytes
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Trojan Removal

Unread postby ndmmxiaomayi » December 20th, 2007, 2:05 pm

Hi Greyhound,

No need to apologetic for the wrong link, I should have been clearer.

Remove Combofix

Click on Start > Run. Copy and paste in ComboFix /u and click OK. An image is below for reference.

Image
____________________

Please delete this file.

C:\Documents and Settings\Jack Williams\My Documents\Unpack\jvmsecman.jar-69ee0e0e-1faff2bd.zip
____________________

Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is JRE 6u3.

    Click on Start > Control Panel and double click on Add/Remove Programs. Locate Java 2 Runtime Environment, SE v1.4.2_03 and click on Change/Remove button to uninstall it.
  1. Click here to visit Java's website.
  2. Scroll down to Java Runtime Environment (JRE) 6 Update 3. Click on Download.
  3. Select Accept License Agreement. The page will refresh.
  4. Click on Windows Offline Installation, Multi-language and save it to a convenient location.
  5. Run this installation to update your Java.
____________________

There is no sign of a firewall installed on your system. There are several reasons for it.

  1. You are using Windows Firewall.
  2. You are using a hardware firewall.
  3. You have a firewall, but you disabled it.
  4. You don't have a firewall at all.

If you have disabled the firewall, please re-enable it back. If you don't have one, please get ONE firewall and install it. Restart the computer for changes to take effect.

Comodo Personal Firewall
Sunbelt Kerio
Sygate Personal Firewall Free

Please post back a new HijackThis log after installing the firewall and updating your Java.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trojan Removal

Unread postby Greyhound » December 20th, 2007, 3:50 pm

I assume I was to run the ComboFix/u program? A DOS box came up and said it was uninstalled after i clicked the run button.
I checked my firewall and it appears to be on. If you can't see it I will download one that you recommend.

Thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:15 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE" /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Digital Patrol Update 5] "C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe" /autoupdate
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [The Rush Limbaugh Show] "C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" /noopen
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.1.74.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3218979578
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {AF9104F7-D6E9-46CC-8FBF-BBE2FB05E3CF} - https://www.optionsxpress.com/toolbox/t ... oolbar.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C791E32C-20A5-45AD-8A3B-425A2E65F157}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10397 bytes
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Trojan Removal

Unread postby ndmmxiaomayi » December 21st, 2007, 4:50 am

Are you using the Windows Firewall? Windows Firewall is on by default. But it's not good enough. It doesn't check outgoing traffic, so you have no idea of what kind of data is flowing out of the computer or what kind of programs are connecting to the Internet.

Please get one as recommended and post back a new HijackThis log.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trojan Removal

Unread postby Greyhound » December 21st, 2007, 6:52 pm

I donwloaded the trial version of Sygate Personal Firewall last night and turned off Windows Firewall. The one problem I see is Sygate will ask if I want to block an incoming IP that I have no idea of who it is. I did download a trial of Magic Net Trace so I will have to run a trace on every IP that they ask to block and sometime that doesn't even tell me who it is. Is that what I will have to do or do you have a better suggestion?

Thanks,

Jack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:08 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE" /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Digital Patrol Update 5] "C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe" /autoupdate
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [The Rush Limbaugh Show] "C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" /noopen
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.1.74.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3218979578
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {AF9104F7-D6E9-46CC-8FBF-BBE2FB05E3CF} - https://www.optionsxpress.com/toolbox/t ... oolbar.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C791E32C-20A5-45AD-8A3B-425A2E65F157}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10689 bytes
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Trojan Removal

Unread postby ndmmxiaomayi » December 22nd, 2007, 12:45 am

Do you know what are the IP addresses?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trojan Removal

Unread postby Greyhound » December 22nd, 2007, 7:38 pm

Yes,
192.168.0.195, 208.67.222.222, 192.168.0.195, 204.245.162.25

Thanks,

Jack
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Trojan Removal

Unread postby ndmmxiaomayi » December 22nd, 2007, 11:19 pm

Hi Jack,

192.168.0.195 - Probably your home network IP address.

To check, click on the Network icon near the clock, then select the Status tab.

You should see 2 sets of IP addresses there, one is the subnet mask (an IP address that starts with 255), the other one is your home network IP address.

208.67.222.222 - This is the OpenDNS server IP address. I see it in your HijackThis log.

204.245.162.25 - This brings me to http://ntt.net/ . Is this your ISP?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trojan Removal

Unread postby Greyhound » December 23rd, 2007, 12:02 am

You'r right 192.168.0.195 is my IP.
208.67.222.222 is the Preferred DNS Server.
My ISP in Time Warner Roadrunner.

The 204.245.162.25 IP is registered to:

Registrant:
Akamai Technologies, Inc.
8 Cambridge Center
Cambridge, MA 02142
US

Domain name: AKAMAITECHNOLOGIES.COM

Administrative Contact:
Hostmaster, Akamai mailto:hostmaster-billing@akamai.com
8 Cambridge Center
Cambridge, MA 02142
US
+1.6174443000 Fax: +1.6174443001

Technical Contact:
Hostmaster, Akamai mailto:hostmaster-billing@akamai.com
8 Cambridge Center
Cambridge, MA 02142
US
+1.6174443000 Fax: +1.6174443001

Registration Service Provider:
Akamai Technologies, mailto:hostmaster@akamai.com
617-444-3000
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 18-Jul-2007.
Record expires on 17-Aug-2008.
Record created on 18-Aug-1998.

Registrar Domain Name Help Center:
http://domainhelp.tucows.com

Domain servers in listed order:
YG.AKAMAI.COM
YE.AKAMAI.COM
YF.AKAMAI.COM
YH.AKAMAI.COM
YC.AKAMAI.COM
YD.AKAMAI.COM
ACCESS.AKAMAI.COM

Domain status: clientTransferProhibited
clientUpdateProhibited

The Data in the Tucows Registrar WHOIS database is provided to you by Tucows
for information purposes only, and may be used to assist you in obtaining
information about or related to a domain name's registration record.

Tucows makes this information available "as is," and does not guarantee its
accuracy.

By submitting a WHOIS query, you agree that you will use this data only for
lawful purposes and that, under no circumstances will you use this data to:
a) allow, enable, or otherwise support the transmission by e-mail,
telephone, or facsimile of mass, unsolicited, commercial advertising or
solicitations to entities other than the data recipient's own existing
customers; or (b) enable high volume, automated, electronic processes that
send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar, except as reasonably necessary to register
domain names or modify existing registrations.

The compilation, repackaging, dissemination or other use of this Data is
expressly prohibited without the prior written consent of Tucows.

Tucows reserves the right to terminate your access to the Tucows WHOIS
database in its sole discretion, including without limitation, for excessive
querying of the WHOIS database or for failure to otherwise abide by this
policy.

Tucows reserves the right to modify these terms at any time.

By submitting this query, you agree to abide by these terms.

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN
RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.

Thanks,

Jack
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Trojan Removal

Unread postby ndmmxiaomayi » December 23rd, 2007, 1:07 am

If you have Windows Update turned on and it's set to automatically update, it will connect to this IP address (204.245.162.25).

Microsoft uses their services, though I have no idea why they would do this.

Other than that, everything looks fine. OpenDNS is a good service to have. If you don't want to use it, do the following:

  1. Go to Start > Control Panel. Double click on Network Connections.
  2. Right click on your default connection and select Properties.
  3. Select the General tab.
  4. Double click on Internet Protocol (TCP/IP) under This connection uses the following items:
  5. Select Obtain DNS server address automatically.
  6. Click OK twice to save the settings. Reboot when prompted to.
  7. Go to Start > Run and type in cmd.
  8. Type in the following in the code box line by line, pressing Enter after each line:
    Code: Select all
    ipconfig /renew
    ipconfig /flushdns
    exit
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Trojan Removal

Unread postby Greyhound » December 23rd, 2007, 12:38 pm

Thank you. From the programs you had me download (Virus and Firewall) would you reccomend I buy any of them?
Right now I have Spysweeper, Trojand Hunter 5, Digital Pest Patrol, XoftSpySE, and Windows Defender. You had me download AVG Anti Spyware, which I liked and if it is better than the others I have I will buy it, and ATF cleaner. Right now I am running Spygate Firewall but you reccomended a couple others.

Regards,

Jack
Greyhound
Regular Member
 
Posts: 28
Joined: December 11th, 2007, 8:39 pm

Re: Trojan Removal

Unread postby ndmmxiaomayi » December 23rd, 2007, 12:47 pm

Hi Jack,

Trojan Hunter is good. If you want to buy it, that will be good. Same for AVG Antispyware. Most of AVG Antispyware features will still be functioning after the trial ends. Only 2 functions will be missing - Automatic Updates and Realtime Protection. That's why I have you to turn them off. If you buy it, you will have both Automatic Updates and Realtime Protection. AVG Antispyware is updated very regularly, sometimes every few hours.

Spysweeper in my opinion is good too, but it uses up quite a bit of system resources. I wouldn't buy it though.

I've not heard Digital Pest Patrol. Windows Defender is free. XoftSpySE should work fine in the free edition, though I've not tested it out.

ATF Cleaner is free of charge too. You may want to donate to the developer. Here's the donation link - http://www.atribune.org/content/view/34/1/

Sygate is also free.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 289 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware