
Using TDS-3 to finalize


Name: mpbmorg
Date: January 5, 2004 at 18:10:58 Pacific
OS: XP
CPU/Ram: P4:128
Comment:

I'd like to know how to use TDS-3 to do a full system scan of my computer to make sure I've gotten rid of all of the trojans I had on my computer. I think there are some left but I don't really want to go fooling around too much. I was hoping TDS could just finish it up for me.

Here's my log just to see if I actually have any trojans left:

Logfile of HijackThis v1.97.7
Scan saved at 9:07:36 PM, on 1/5/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Philip\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4D0B9E4-1891-46C1-AA1A-779B136478BB} - C:\WINDOWS\System32\dsosund3d.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/213ed927be0e970d6b06/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.2521064815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D703D613-2B70-47DA-B0F6-C2B7806DD63B}: NameServer = 151.196.0.39 151.196.0.38

I think I still have the Drpeper trojan on my comp but I was hoping maybe TDS could fix that because the downloads I tried before didn't work.

Anyway, thanks for any help you all can give me. Really I just want to know how to have TDS do a full scan and then how to delete the problems...but if by looking at my log you can tell me problems that I need to fix without using TDS then that would be great too. Thanks -Matt




Response Number 1
Name: mpbmorg
Date: January 5, 2004 at 18:12:29 Pacific
Reply:

Also wondering how I could go about monitoring or preventing trojans from entering the computer again...



Response Number 2
Name: Abnormal
Date: January 5, 2004 at 18:57:45 Pacific
Reply:

No peper for you.

"...but if by looking at my log you can tell me problems that I need to fix without using TDS then that would be great too"

Remove this and reboot.
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/213ed927be0e970d6b06/netzip/RdxIE601.cab

After you reboot, delete the Apropos Client folder.
Get all critical Windows updates.
http://v4.windowsupdate.microsoft.com

"Also wondering how I could go about monitoring or preventing trojans from entering the computer again..."

Get SpywareBlaster, link within the link under my name. Other tips to prevent the new trojans also.


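Added example, not part of the thread or any poster's words: a small Python parser for the O2 (BHO) and O16 (DPF) lines of a HijackThis log like the one above, which shortlists entries for manual review when they have no name or are fetched from a bare IP address. The two heuristics and all function names are assumptions of this example; the sample lines are copied from the posted log.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log in the post above; nothing here is new data.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/213ed927be0e970d6b06/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
BHO = re.compile(r"^(.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
DPF = re.compile(r"^(\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

def parse(log):
    """Yield a dict for each O2 (BHO) and O16 (ActiveX download) entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        code, rest = (m.group(1), m.group(3)) if m else (None, "")
        if code == "O2" and (hit := BHO.match(rest)):
            name, clsid, target = hit.groups()
        elif code == "O16" and (hit := DPF.match(rest)):
            clsid, name, target = hit.groups()
        else:
            continue
        yield {"code": code, "clsid": clsid, "name": name or "", "target": target}

def review_reasons(entry):
    """Heuristic reasons to inspect an entry by hand; not a malware verdict."""
    reasons = []
    if entry["name"] in ("", "(no name)"):
        reasons.append("unnamed")
    if entry["code"] == "O16":
        host = urlsplit(entry["target"]).hostname or ""
        try:
            ipaddress.ip_address(host)  # raises ValueError for DNS names
            reasons.append("ip-literal-source")
        except ValueError:
            pass
    return reasons

def shortlist(log):
    """Map CLSID -> reasons for every entry with at least one reason."""
    return {e["clsid"]: r for e in parse(log) if (r := review_reasons(e))}
```

On the sample, the shortlist is the three entries Response 2 says to remove; run over the full log, the same heuristics also match entries that reply left alone (for example the Acrobat helper, also "(no name)"), so treat the output as a review queue rather than a removal list.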

Response Number 3
Name: mpbmorg
Date: January 6, 2004 at 15:06:03 Pacific
Reply:

Ok I deleted all that stuff with Hijack and so I think that should be it. I came across some .exe files I wasn't sure about when I was deleting the AproposClient folder. "apropos_client_loader.exe" and "ezStub.exe" were in C:/ ...was wondering if I should just delete those...or what? Also, when I start up IE for the first time after restarting...it goes to my homepage Google but then a popup comes up...I forgot the name because I get rid of it quickly...but just wondering what I could do to stop that and if there is something going on in the background that I don't know about...Anyway thanks so much! -Matt



Response Number 4
Name: Abnormal
Date: January 6, 2004 at 16:23:24 Pacific
Reply:

"when I was deleting the AproposClient folder. "apropos_client_loader.exe" and "ezStub.exe" were in C:/ ...was wondering if I should just delete those...or what?"

Yes, ezStub.exe is part of ezula, can also be removed with Ad-Aware or SpyBot.
Info about it:
http://www.safersite.com/PestInfo/e/ezula.asp

Run this to clean up.
http://www.lavasoftusa.com/support/download/

Get SpywareBlaster at the link under my name, and follow the tips to secure your computer.
Good luck


