
trojan='(


The_Avatar


Ok, so my computer detected a trojan horse and access was denied to it, so I'm kinda confused on how to delete it since even the computer itself can't get to it. Anyone have any advice to get rid of it?

I use Windows XP. The filename of the trojan is system32/howipe but I can't get to it for some reason.

Here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:17:01 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\system32\csrss[Caution: Executable File]
C:\WINDOWS\system32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File]
c:\Program Files\Norton AntiVirus\navapsvc[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: Executable File]
C:\Program Files\Spyware Doctor\sdhelp[Caution: Executable File]
C:\WINDOWS\system32\wdfmgr[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: Executable File]
C:\WINDOWS\System32\alg[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: Executable File]
C:\windows\system\hpsysdrv[Caution: Executable File]
C:\HP\KBD\KBD[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]
C:\WINDOWS\ALCXMNTR[Caution: Executable File]
C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]
C:\Program Files\QuickTime\qttask[Caution: Executable File]
C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: Executable File]
C:\WINDOWS\system32\rundll32[Caution: Executable File]
C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]
C:\WINDOWS\system32\ctfmon[Caution: Executable File]
C:\Program Files\Comcast Wireless Adapter\MA111 Configuration Utility\Wlancfg4[Caution: Executable File]
C:\Program Files\iPod\bin\iPodService[Caution: Executable File]
C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\NMain[Caution: Executable File]
c:\PROGRA~1\NORTON~1\navw32[Caution: Executable File]
C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]
C:\PROGRA~1\SPYWAR~1\swdoctor[Caution: Executable File]
C:\Program Files\WinAce\WinAce[Caution: Executable File]
C:\DOCUME~1\WALKER~1.YOU\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis[Caution: Executable File]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: Executable File]
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv[Caution: Executable File]
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD[Caution: Executable File]
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File]" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: Executable File]
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray[Caution: Executable File]
O4 - HKLM\..\Run: [VTTimer] VTTimer[Caution: Executable File]
O4 - HKLM\..\Run: [siSPower] Rundll32[Caution: Executable File] SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2[Caution: Executable File]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR[Caution: Executable File]
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher[Caution: Executable File]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: Executable File] /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: Executable File]"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32[Caution: Executable File] bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [hgqhp[Caution: Executable File]] C:\WINDOWS\system32\hgqhp[Caution: Executable File]
O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]
O4 - HKCU\..\Run: [unSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC[Caution: Executable File]"
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\Comcast Wireless Adapter\MA111 Configuration Utility\Wlancfg4[Caution: Executable File]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL[Caution: Executable File]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC[Caution: Executable File] (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC[Caution: Executable File] (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/downl ... st_Win.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2323CF34-8576-4C61-8721-24167ADCD433}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B7E0D0C-4F12-43E9-AD5F-13B2A68BDAFA}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{A41A599C-479B-4AF8-B6E2-19E011457540}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{B45F6CD2-EA79-4726-A7B6-5300B43CDD4C}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA8977FB-9E3A-4408-9B9B-973A702648EA}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{2323CF34-8576-4C61-8721-24167ADCD433}: NameServer = 85.255.116.35,85.255.112.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File]
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: Executable File]
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: Executable File]
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File]
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc[Caution: Executable File]
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: Executable File]
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan[Caution: Executable File]
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp[Caution: Executable File]
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: Executable File]
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: Executable File]
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: Executable File]

Previously known as Monkeybeast0.


Reboot; during the POST you should see an option like F8 for boot options. The F8 could be anything, such as F12 or F2. If you tap that during the black screen you will get some options like Safe Mode, Safe Mode with Command Prompt, Safe Mode with Networking. Select Safe Mode with Networking. You need to have an administrator account to use this.
