Author Topic: Trojan Horse removal  (Read 13927 times)


Offline arosegirl

  • Jr. Member
  • **
  • Posts: 63
Re: Trojan Horse removal
« Reply #75 on: November 17, 2008, 02:29:07 AM »
ComboFix 08-11-16.04 - Charlene 2008-11-16 21:12:26.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.181 [GMT -6:00]
Running from: c:\documents and settings\Charlene\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Charlene\Desktop\CFScript.txt
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2008-10-17 to 2008-11-17  )))))))))))))))))))))))))))))))
.

2096-10-24 08:38 . 2096-10-24 08:38   39,936   --a--c---   C:\Cassini.8BF
2008-11-14 19:22 . 2008-11-14 19:23   <DIR>   d--------   c:\program files\New Folder
2008-11-14 19:22 . 2008-11-14 19:22   <DIR>   d----c---   C:\New Folder
2008-10-28 16:42 . 2008-10-28 16:42   <DIR>   d--------   c:\program files\Alwil Software

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 03:02   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-11-17 00:25   ---------   dc----w   c:\documents and settings\All Users\Application Data\Google Updater
2008-11-15 02:54   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-11-12 13:59   3,350   --sha-w   c:\windows\SYSTEM32\KGyGaAvL.sys
2008-11-05 04:36   ---------   d-----w   c:\program files\Fonts
2008-10-24 11:10   453,632   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10   453,632   ------w   c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-22 22:10   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:10   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-10-20 03:02   ---------   d-----w   c:\documents and settings\All Users\Application Data\Symantec
2008-10-16 13:26   ---------   d-----w   c:\program files\trend micro
2008-10-16 03:12   ---------   d-----w   c:\program files\Java
2008-10-15 16:57   332,800   ------w   c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-10 15:25   ---------   d-----w   c:\documents and settings\Charlene\Application Data\Sammsoft
2008-10-07 22:44   ---------   d-----w   c:\program files\Microsoft AntiSpyware
2008-10-07 22:26   805   ----a-w   c:\windows\system32\drivers\SYMEVENT.INF
2008-10-07 22:26   60,800   ----a-w   c:\windows\SYSTEM32\S32EVNT1.DLL
2008-10-07 22:26   123,952   ----a-w   c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-07 22:26   10,671   ----a-w   c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-07 22:26   ---------   d-----w   c:\program files\Symantec
2008-10-07 08:10   348,160   ----a-w   c:\windows\SYSTEM32\msvcr71.dll
2008-10-07 08:10   ---------   d-----w   c:\program files\Common Files\xing shared
2008-10-07 08:10   ---------   d-----w   c:\program files\Common Files\Real
2008-10-07 02:10   ---------   d-----w   c:\program files\EsetOnlineScanner
2008-10-03 17:41   6,066,176   ------w   c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-10-02 03:01   ---------   d-----w   c:\program files\Common Files\Adobe
2008-09-30 22:43   1,286,152   ----a-w   c:\windows\SYSTEM32\msxml4.dll
2008-09-29 20:10   ---------   dc----w   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-29 20:10   ---------   d-----w   c:\documents and settings\Charlene\Application Data\SUPERAntiSpyware.com
2008-09-29 20:08   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-09-29 12:51   ---------   dc----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-29 12:51   ---------   d-----w   c:\documents and settings\Charlene\Application Data\Malwarebytes
2008-09-19 19:18   ---------   d-----w   c:\documents and settings\Charlene\Application Data\Filter Forge
2008-09-15 11:57   1,846,016   ----a-w   c:\windows\SYSTEM32\win32k.sys
2008-09-15 11:57   1,846,016   ------w   c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-04 16:42   1,106,944   ----a-w   c:\windows\SYSTEM32\msxml3.dll
2008-09-04 16:42   1,106,944   ------w   c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-08-28 10:04   333,056   ------w   c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-08-27 08:24   3,593,216   ----a-w   c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38   13,824   ------w   c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37   70,656   ------w   c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56   635,848   ------w   c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54   161,792   ------w   c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-04-07 01:36   6,039,144   ----a-w   c:\program files\Firefox Setup 2.0.0.13.exe
2007-06-07 21:59   29,176   ----a-w   c:\program files\TranslatePlugInSetup.zip
2006-12-30 23:06   3,262,369   ----a-w   c:\program files\alzip.exe
2006-12-30 22:42   1,035,271   ----a-w   c:\program files\wrar362.exe
2006-06-09 02:51   0   ----a-w   c:\program files\pspbrwse.jbf
2006-04-06 01:37   0   ---ha-w   c:\documents and settings\Charlene\hpothb07.dat
2005-06-01 01:53   89,088   ----a-w   c:\program files\TranslatePlugInSetup.msi
2003-01-31 09:43   6,065,152   ----a-w   c:\program files\Mystical.exe
2003-01-31 00:20   1,396,736   ----a-w   c:\program files\Mystical_PlugIn.8bf
2001-07-17 21:15   66,680   ----a-w   c:\program files\ARDS1.ttf
1998-12-09 10:53   99,840   ----a-w   c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 10:53   70,144   ----a-w   c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 10:53   48,640   ----a-w   c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 10:53   31,744   ----a-w   c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 10:53   186,368   ----a-w   c:\program files\Common Files\IRAREG.DLL
1998-12-09 10:53   17,920   ----a-w   c:\program files\Common Files\IRASRIAL.DLL
2007-09-21 20:25   88   --sh--r   c:\windows\SYSTEM32\41A9B94B56.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-10-16_17.16.42.37   )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45   453,120   ------w   c:\windows\Driver Cache\I386\mrxsmb.sys
+ 2008-10-24 11:10:42   453,632   ------w   c:\windows\Driver Cache\I386\mrxsmb.sys
- 2005-10-21 01:02:28   163,328   ----a-w   c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28   163,328   ----a-w   c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-11-12 09:00:46   32,768   ----a-r   c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2000-08-31 13:00:00   28,672   ----a-w   c:\windows\NIRCMD.exe
+ 2000-08-31 14:00:00   28,672   ----a-w   c:\windows\NIRCMD.exe
- 2000-08-31 13:00:00   161,792   ----a-w   c:\windows\SWREG.exe
+ 2000-08-31 14:00:00   161,792   ----a-w   c:\windows\SWREG.exe
- 2008-10-07 19:19:40   16,721,856   ----a-w   c:\windows\SYSTEM32\MRT.exe
+ 2008-11-04 00:10:25   17,318,336   ----a-w   c:\windows\SYSTEM32\MRT.exe
- 2006-08-17 12:28:27   332,288   ----a-w   c:\windows\SYSTEM32\netapi32.dll
+ 2008-10-15 16:57:55   332,800   ----a-w   c:\windows\SYSTEM32\netapi32.dll
- 2008-03-26 20:40:30   53,436   ----a-w   c:\windows\SYSTEM32\PERFC009.DAT
+ 2008-11-05 02:49:37   53,436   ----a-w   c:\windows\SYSTEM32\PERFC009.DAT
- 2008-03-26 20:40:30   381,692   ----a-w   c:\windows\SYSTEM32\PERFH009.DAT
+ 2008-11-05 02:49:37   381,692   ----a-w   c:\windows\SYSTEM32\PERFH009.DAT
- 2007-11-30 11:18:51   17,272   ------w   c:\windows\SYSTEM32\spmsg.dll
+ 2008-07-08 13:02:01   17,272   ------w   c:\windows\SYSTEM32\spmsg.dll
+ 2008-09-30 22:42:08   1,286,152   ----a-w   c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 22:45:12   91,656   ----a-w   c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-03 98304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2005-02-14 442368]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-09-15 323584]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-11 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-02-03 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Charlene^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
path=c:\documents and settings\Charlene\Start Menu\Programs\Startup\UMAX VistaAccess.lnk
backup=c:\windows\pss\UMAX VistaAccess.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mm_server.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-01-25 149352]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe" [2007-07-16 53307]
S3 ALABULKO;OLYMPUS USB Media Adapter device driver;c:\windows\system32\Drivers\ALABLK2o.sys [2002-11-09 34914]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077bb372-e791-11dc-9deb-82fd64bbcb41}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7835e403-0636-11dd-9df6-001111b562a6}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc16b8e9-10db-11dd-9df8-001111b562a6}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Charlene.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 21:17:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-16 21:23:13
ComboFix-quarantined-files.txt  2008-11-17 03:22:18
ComboFix2.txt  2008-11-17 01:24:45
ComboFix3.txt  2008-11-16 04:10:21
ComboFix4.txt  2008-11-15 23:16:30
ComboFix5.txt  2008-11-17 03:11:30

Pre-Run: 42,164,215,808 bytes free
Post-Run: 42,164,862,976 bytes free

187   --- E O F ---   2008-11-12 09:05:41

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11542
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan Horse removal
« Reply #76 on: November 17, 2008, 11:21:49 AM »
Thank you, Charlene.

I don't know how you managed to add the "New Folder" or the folder for Alwil.  First let's take care of ComboFix.

Please do the following:
  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK.  Note the space between the X and the U; it needs to be there.


Since you will be replacing Norton, you will need both an antivirus software and a software firewall.  The following software programs are free for personal use:

Antivirus:

avast! 4 Home Edition
Avira AntiVir PersonalEdition Classic

If you prefer a subscription software, ESET Nod32 is an excellent antivirus software.

Firewalls:

Agnitum Outpost Firewall
Kerio Personal Firewall
Online Armor Free

Having a firewall, antivirus and anti-malware software is not enough.  You also need to stay current with security updates.  If you don't have your computer set to automatically install the Microsoft Security Updates, please check for updates now.  For additional information, see my blog post Understanding Microsoft Updates.

To check if your system is missing security updates or has insecure applications installed, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html

Please confirm that your computer is back to "normal" and let me know if you have any questions.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline arosegirl

Re: Trojan Horse removal
« Reply #77 on: November 17, 2008, 01:48:45 PM »
Wow, I would need allllllll that!  I think I will stick to Norton then!  I will have it do a scan now and see if I am horse free!  Thanks Corrine

Online Corrine

Re: Trojan Horse removal
« Reply #78 on: November 17, 2008, 02:14:45 PM »
Charlene, you need "allllllll that!" regardless of whether you use Norton or another software solution.  What I mean is that it is critical to keep all the software on your computer updated.  The addition of SpywareBlaster and WinPatrol will provide additional protection, as described above.

Offline arosegirl

Re: Trojan Horse removal
« Reply #79 on: November 17, 2008, 05:16:51 PM »
Norton says I still have the 2 Trojan Horses.
I will add SpywareBlaster and WinPatrol.
Thanks
Charlene

Online Corrine

Re: Trojan Horse removal
« Reply #80 on: November 17, 2008, 05:20:40 PM »
Do you have a log from Norton?  It may be seeing a quarantine file.

Offline arosegirl

Re: Trojan Horse removal
« Reply #81 on: November 20, 2008, 05:26:08 PM »
Apparently Norton is seeing them in quarantine.  It told me there were no items that needed attention.
I still would feel much better if they were GONE!!  My computer is now soooo slow, reminds me of my old dial-up. Sometimes I have to click on an icon a dozen times before it comes up.  NOT GOOD!

Tell me please if I can remove some of these from my desktop.  Check PC for errors,
ATF Cleaner, gpl-2.0, JavaRa, hijackthis 2 of them, Kaspersky, and a log. 
I am going to purchase the Spyware Doctor and keep the Malware.
Thanks
Charlene

Online Corrine

Re: Trojan Horse removal
« Reply #82 on: November 20, 2008, 05:59:05 PM »
Hi, Charlene.

I would advise you to hold off purchasing anything until we take a fresh look at what you already have on your computer.  The software you are talking about removing uses a very low profile and tools like ATF Cleaner will help reduce the clutter.

Please launch HijackThis to create an Uninstall List:
  • Click "Open the Miscellaneous Tools Section"
  • Under System Tools, click Open Uninstall Manager
  • Click 'save list'. 
  • The list will be named uninstall_list.txt and will open in Notepad
  • Copy/paste the results as a reply.


Offline arosegirl

Re: Trojan Horse removal
« Reply #83 on: November 20, 2008, 10:06:09 PM »
Here you go!!
32 Bit HP CIO Components Installer
3D Shadow by Lokas Software
Abacast Client
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Advanced Registry Optimizer
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Xenofex 2.0
ALZip
American Greetings CreataCard Select 6
AppCore
Artistic Effects by Lokas Software
AVItoGIF
Banctec Service Agreement
ccCommon
Chromatica
Component Framework
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro X
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
DellSupport
DrawPlus 3.0
EarthLink setup files
ESET Online Scanner
Eye Candy 3
Eye Candy 4000
Filter Forge 1.009
Filter Meister 1.0 Beta 7
Filters Unlimited 2.0.3
GdiplusUpgrade
Get High Speed Internet!
Google Toolbar for Internet Explorer
Google Updater
Harry's Filters 3
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP Deskjet 5900 series
HP Deskjet All-In-One Software 9.0
HP Image Zone 5.0
HP Imaging Device Functions 9.0
HP Memories Disc
HP Smart Web Printing
HP Update
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Pro 8
Jasc Virtual Painter 4
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Linksys Wireless-G USB Network Adapter
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft AntiSpyware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
My Way Search Assistant
namesuppressed Plaid Lite 1.13
Nature Illusion Studio
Nero Media Player
Nero OEM
NeroMIX
NeroVision Express 3 SE
NeroVision Express Content
NetZeroInstallers
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OLYMPUS CAMEDIA Master Pro 4.3
OLYMPUS Master
OLYMPUS USB Reader/Writer
OpenOffice.org Installer 1.0
Paint Shop Pro 7 Anniversary Edition
Photo Click
Photosmart 140,240,7200,7600,7700,7900 Series
Photosmart 140,240,7200,7600,7700,7900 Series
Plugin Galaxy 1.50
pluginCreativity textArt
PowerDVD 5.3
PrintMaster
QuickTime
RealPlayer
Red Prince Flips ’n Rolls
Red Prince Noise
Red Prince Pixie Dust
Red Prince Whitewash
Retoucher
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Softener
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SPBBC 32bit
Spyware Doctor 6.0
Sqirlz Water Reflections
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
The Font Thing
Translation Plug-in
Ulead ArtTexture.Plugin 1.0
Ulead GIF-X.Plugin 2.0
Ulead Particle.Plugin 1.0
Uninstall DreamSuite
Uninstall Mystical
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Viewpoint Media Player
Vizros Explorer
Vizros Plug-ins 4.1
Vstascan
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
WordPerfect Office 12
Xenofex 1.0
Yahoo! Install Manager
Yahoo! Toolbar



Thanks, Charlene

Online Corrine

Re: Trojan Horse removal
« Reply #84 on: November 20, 2008, 10:53:01 PM »
Hi, Charlene.

Based on your knowledge of computers, I would strongly encourage you to uninstall Advanced Registry Optimizer.

Yes, you can delete the log and uninstall ESET Online Scanner and HijackThis 2.0.2.  If they are needed again, they can be downloaded.

Go to C:\RSIT and delete that folder -- but ONLY the folder named RSIT.

The following are unnecessary and can be uninstalled if you do not use them:

Google Toolbar for Internet Explorer (You probably got this with Spyware Doctor 6.0)
Google Updater
My Way Search Assistant (considered adware and advisable to be removed)
Yahoo! Install Manager
Yahoo! Toolbar
Spyware Doctor 6.0 (Includes pre-checked Google toolbar at installation and you have MBAM and SUPERAntispyware)

You can also review whatever these may be and if you don't use them, uninstall. Guessing they may have something to do with Drawing packages, if you use them, even on occasion, they are not hurting anything.

Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Xenofex 2.0
Eye Candy 3
Eye Candy 4000
Red Prince Flips ’n Rolls
Red Prince Noise
Red Prince Pixie Dust
Red Prince Whitewash
Sqirlz Water Reflections


Anti-malware Software

You are right.  You do not need all three of these.  If you like SAS, then no problem purchasing a subscription.  Personally, however, I would compare the cost, features and support of SAS and MBAM before making that choice (i.e., I do not know if SAS is an annual subscription or a one-time fee like MBAM.) 

Malwarebytes' Anti-Malware  http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware http://www.superantispyware.com/superantispyware.html

Additional:

Personal opinion only:  Charlene, you need to decide for yourself what is best for you.  Personally, however, considering the way Norton left you hanging after charging you for supposedly fixing your computer, I would not be inclined to stick with Norton.  If you want a one-size-fits-all package that includes antivirus, anti-spam, anti-whatever plus firewall but doesn't take up all the bandwidth on your computer, I would suggest ESET Smart Security.  It has a very small footprint (as shown below) and ESET is an excellent product.   http://www.eset.com/smartsecurity/

# Memory: 33 - 38 MB on average
# Disk Space (download): 16MB
# Disk Space (installation): 78MB

If you prefer to use "free for personal use" products, I provided the links previously but will provide them once again:

Free Antivirus Software:

avast! 4 Home Edition
Avira AntiVir PersonalEdition Classic

Free Firewalls:

Agnitum Outpost Firewall
Kerio Personal Firewall
Online Armor Free

There is a lot of information here.  After you complete uninstalling what you no longer need and finalize your decision regarding the anti-malware and antivirus/firewall software, post back and let us know how you are doing.  We can provide instructions for "disk cleanup" and "defragging the hard drive".

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline arosegirl

  • Jr. Member
  • **
  • Posts: 63
Re: Trojan Horse removal
« Reply #85 on: November 21, 2008, 02:33:07 AM »
O.K. all I have left on the desktop is: Malware, Kaspersky, ATF-Cleaner and JavaRa. I deleted or uninstalled all the items you listed.

Tell me about ESET Smart Security, would I need any other program?  I really don't want to have a lot of different programs.

I don't have the SUPERAntiSpyware, do you think I need it as well....is it free??
Thanks so much.
Charlene

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11542
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan Horse removal
« Reply #86 on: November 21, 2008, 11:33:16 AM »
Hi, Charlene.  When I was looking at your uninstall list, I had SUPERAntiSpyware in my head instead of Spyware Doctor.  However, you do have SUPERAntiSpyware on your computer in the Uninstall list:  SUPERAntiSpyware Free Edition

You can remove Kaspersky as well. 

ESET Smart Security includes a personal firewall, antispam, antivirus and antispyware protection.  That and Malwarebytes will do an excellent job.  If you are happy with Norton, however, then by all means renew that subscription. 

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11542
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan Horse removal
« Reply #87 on: November 21, 2008, 08:47:05 PM »
Charlene, for an opinion from LzD members who have used the Norton 2009 package, see this topic:  http://www.landzdown.com/index.php?topic=29112.msg93192;boardseen#new