Trojan Help Needed PLEASE

[mom243]

Computer is sittin here in safe mode with networking (disconnected from net) Been down for over a week now, every time i think i've made progress, sometihng new shows up. it literally takes 20 minutes for it to boot up in regular mode. So please whatever i need to do i hopefully can do it in safe mode. I can transfer files via my thumb drive. (as the kids call it, i honestly can't think of what it's called, you know what i mean though)
I was about ready to do a restore on it, but came across your site and thought i'd give it a try.
Thanks so much for your time.

[jholland1964]

This HJT log is so small I don't see how you would even have anything to transfer to a thumb drive. If the computer IS infected you don't want to transfer any files now, the infection could end up on the thumb drive.

Was the HJT scan run in safe or normal mode?
Since you say the computer is in safe mode...do this...
Go in and TURN off and DISABLE from starting the following;

Microsoft Windows Defender
AdAware 2007
SpyBot
SuperAntiSpyware
AVG Anti-Spy program
That is entirely too many anti-spy programs running at one time which definitely can slow a computer.
So turn them all off for now.

There is only one active infection showing in the Kaspersky log, the rest are in either backups of HJT or in System Restore.
Get rid of the HJT backups and reset your System Restore.

The one found by Kaspersky is this one noted in red;
C:\Program Files\TTC.dll

Since you are in Safe Mode then go into C:\Program Files and delete that one noted in red. Just the file NOT the whole folder.

Once you have done the above then reboot the computer in NORMAL mode, even if it takes a long time and run another HJT scan, we need to see a scan done in normal mode. Post the log here

Have you done a defrag lately?
We also need the specs of the computer...hard drive size and how much free space is remaining?
Double click My Computer and then double click "C" drive and see how much space is remaining.
How much RAM is installed? Right Click My Computer. Choose Properties. The very first page you see there will show you how much RAM is installed.

[mom243]

Thanks for the help!!!

Microsoft windows defender was removed / yet it still shows in the processes list. I tried installing that about a week ago, for help with the viruses etc.... it never ran, some error about it didn't load completely. Hence I tried removing it, still shows up but not in add / remove programs.
I opened ccleaner and it's in there, so I removed it.
What is microsoft XML Parser and SDK? does that go with it?
Also something called PS2 in the CCleaner uninstall list, that is not in the add / remove programs list.

i did an msconfig (safe mode) and only avg programs were listed under start up - and msnmessenger (disabled it.) not even on the puter so not sure why it shows up, unless it had something to do with the defender, or update.
Everything else is disabled now as well. Most of those programs i've just recently installed to help rid the computer. Please advise which ones / if any should run on start up besided avg?


I wiped the thumb drive, removed that file you stated. I'm going to transfer auslogics disk defrag, I'll try running that after your advice.

The computer has never been this slow before.
Why all the files listed in kaspersky if only one is there?
Sorry so many questions.


C Drive: When i double clicked it just opens up. so i did a right click and got this info...
Local Disk. NTFS
used space 10.1 GB
Free Space 22.6 GB
Capccity 32.8 GB

AMD Athlon Processor 1.40 GHZ, 112 MB of RAM (hummmm, how do i upgrade that?)

Rebooting again!!

[jholland1964]

Why all the files listed in kaspersky if only one is there?

Kaspersky shows you all the files it scanned, not just the viruses or trojans. The other infections were located in System Restore and backup HiJackThis files. You can get rid of them by deleting the HJT backup files and resetting your System Restore.

AdAware2007 and SpyBot TeaTimer are still running, they both use a lot of resources and are not needed to run at start up. TeaTimer especially can hinder the removal of nasty items.
AdAware2007 runs as a service and must be disabled via services.
Go to Start, Control Panel, Administrative Tools, Services. Scroll through that list until you find it, double click to open and first Stop it from running, it will then turn off, then set start up to disabled.
There are other items that run automatically via services that can be either set to manual or disable. Look here for the list
You disable or stop these just like I noted above.
You really should use Add/Remove to uninstall programs, not CCleaner.
To be certain Windows Defender is removed do the following;
Go to start..click search, files and folders...type in windows defender.
Search will scan the computer and if it finds Windows Defender items just delete them.
You also should use something like Mike Lin's StartUp Control Panel to disable auto starts not msconfig. Msconfig is generally considered a trouble shooting tool and really should only be used for that. Mike Lin's programs is super easy to use and is free. I recommend you download Mike's program, install and it will appear in your Control Panel with a little computer Icon labled Start Up. Once you have done that then go back into msconfig, enable everything again...normal boot. Reboot. Then go to Mike's program, put a checkmark in everything you don't want running at start up, click ok and then reboot again.
PS2 is usually Playstation 2
XML Parser and SDK are for Internet Explorer
msnmessenger is MSN Instant Messenger, has nothing to do with Windows Defender
Other unnecessary items running at start up or in the background are Windows Fax Service, Google Updater,
AVG Anti-spyware, and Super Anti-Spy. Disable via Mike Lin's program.


You have minimal RAM on the system it is very easy to update and really not expensive. You can easily do it yourself.
What is the make and model of the computer?

[mom243]

I was worried about the files showing in kaspersky, since it stated they were changed but nothing was removed or fixed.
I deleted the hijackthis log files.
Reset system Restore.

Tea Timer, Spybot and AdAware.
AdAware - Done

I did / do use Add/REmove for removing programs - they were not in the list, or were an I removed them, but they still showed on CCleaner. I clicked remove and they were still there, and removed them not just removed them from the list. After I rebooted, there were only 3 text files left from defender, I removed them all now.
MSN messenger was not installed, or should i say it was removed and disabled long ago, that's what else i couldn't figure out... where / how it appeared again.


HP Pavilion - XT983 (yes older, but I would upgrade the ram if that's all it really needs to speed it up) Recomendations??

The rest of my log is clear then?

Thanks again for the assistance

[jholland1964]

You computer has the barest minimum of RAM installed for use with XP so no wonder it is slow. Your computer can take up to 512MB of RAM and that is really the best way to go. You should be able to upgrade for a little more than $100. You will be amazed at the speed, it will be like a new computer and much cheaper than a new one.
It is very easy to install...open the case, remove old RAM and plug in the new.
Go to Crucial determine what RAM to order. The site will scan your computer and then recommend the best for your system, remember maximum of 512MB so this would likely be 2-256MB stick of RAM.
Crucial is generally the best place to check and purchase, at least that is what I have found anyway.
I still recommend using Mike Lin's StartUpControl Panel to control auto starts rather than msconfig.
Another thing you might consider is uninstalling AdAware2007....it is KNOWN to slow down a computer and go back to AdAwareSE. Click the name there for the download site for that edition. I tried the 2007 version and found it slowed my computer so I went back to the old version. DO disable SpyBot TeaTimer...it truly is more trouble than it is worth.
Yes, your logs look clean to me. Check out PROTECT YOURSELF FROM MALWARE: Tools & Tips
for what tools to use to keep the computer clean. The ones PP has listed there are the least invasive and use less of your resources. Definitely add SpyWareBlaster
Omit Windows Defender. Keep Spybot, disabling TeaTimer, drop SuperAnti-Spyware, may be draining your resources at this point though it is a good program for most.

[mom243]

I'm sure the new adaware slowed me down some as well. The old SE version is now installed.

Thanks again for all the help and assistance, I'm off to purchase RAM.

[jholland1964]

If you are purchasing it locally be certain you purchase the proper kind, there are several different types and you must get the proper one for your computer. If you use a site like Crucial the site will scan for the proper type.