Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SpyTrooper PEST


  • Please log in to reply

#1
andh

andh

    New Member

  • Member
  • Pip
  • 6 posts
I have tried ad-aware to remove this Spy trooper/Ps guard thing but it keeps coming back. I have also tried spy doctor.
can you plaeas have a look at my hijack this log?

Logfile of HijackThis v1.99.1
Scan saved at 2:06:00 PM, on 5/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\System32\mssearchnet.exe
C:\WINDOWS.0\System32\nvctrl.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.682\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS.0\System32\hpAF54.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT Profile Manager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{752E02E3-EEA9-485E-9C9C-C828CA30FFCC}: NameServer = 203.12.160.35 203.12.160.36
  • 0

Advertisements


#2
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome, Sorry for the delay in repsonse,
Seeing as it has been a few days since you have posted your HJT log
Could you run through the steps outlined in this Post Please,

Go to start >>run and type in MSCONFIG. Go to the startup tab and make sure every single box in there has a check in it. after this is done
Post back a fresh HJT log when done please,

If you have resolved this issue could you let us know please,

Thanks and again sorry for the late reply
  • 0

#3
andh

andh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
HI DON77

THIS IS MY LOG WITH ALL START UP TABS TICKED.

Logfile of HijackThis v1.99.1
Scan saved at 8:36:36 PM, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\WINDOWS.0\System32\mssearchnet.exe
C:\WINDOWS.0\System32\nvctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS.0\System32\hpE73A.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS.0\System32\shdocvw.dll
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT Profile Manager Class) - https://online.westp...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{752E02E3-EEA9-485E-9C9C-C828CA30FFCC}: NameServer = 203.12.160.35 203.12.160.36
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP