Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SpyTrooper PEST

Started by andh , Oct 04 2005 10:43 PM

  • Please log in to reply

#1
andh
Posted 04 October 2005 - 10:43 PM

andh

    New Member

  • Member
  • Pip
  • 6 posts
I have tried ad-aware to remove this Spy trooper/Ps guard thing but it keeps coming back. I have also tried spy doctor.
can you plaeas have a look at my hijack this log?

Logfile of HijackThis v1.99.1
Scan saved at 2:06:00 PM, on 5/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\System32\mssearchnet.exe
C:\WINDOWS.0\System32\nvctrl.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.682\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS.0\System32\hpAF54.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT Profile Manager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{752E02E3-EEA9-485E-9C9C-C828CA30FFCC}: NameServer = 203.12.160.35 203.12.160.36
  • 0

Advertisements

#2
don77
Posted 09 October 2005 - 12:30 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome, Sorry for the delay in repsonse,
Seeing as it has been a few days since you have posted your HJT log
Could you run through the steps outlined in this Post Please,

Go to start >>run and type in MSCONFIG. Go to the startup tab and make sure every single box in there has a check in it. after this is done
Post back a fresh HJT log when done please,

If you have resolved this issue could you let us know please,

Thanks and again sorry for the late reply
  • 0

#3
andh
Posted 11 October 2005 - 05:23 AM

andh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
HI DON77

THIS IS MY LOG WITH ALL START UP TABS TICKED.

Logfile of HijackThis v1.99.1
Scan saved at 8:36:36 PM, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\WINDOWS.0\System32\mssearchnet.exe
C:\WINDOWS.0\System32\nvctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS.0\System32\hpE73A.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS.0\System32\shdocvw.dll
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT Profile Manager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{752E02E3-EEA9-485E-9C9C-C828CA30FFCC}: NameServer = 203.12.160.35 203.12.160.36
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP