Trojandownloader.xs need help removing

You should seriously consider posting the logs that were requested in the READ & RUN ME so we can be sure you do not have any other malware.

NOTE: The Windows firewall is totally inadequate anyway. You need a better firewall. See the ones mentioned in the below.

How to Protect yourself from malware!


For your printer problem, did you try starting the Print Spooler Service.

 

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Print Spooler
• then right click the entry, select Properties and under Service status: click the Start button to start the service
• Next please set the Start-up Type to Automatic
• Click OK until you get back to Windows.

It's a good thing I said to attach your logs!! The READ ME cleaned up a ton of stuff but we have some more to do.

You appear to have a broken McAfee SecurityCenter installed. Do you still use McAfee?

Also you appear to have an incomplete uninstall from having Symantec installed at some time. Please run the below:

Norton Removal Tool (SymNRT)


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below software as requested in step 1 of the READ ME:
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {EFC650B7-C53F-4FA6-8AE4-D9B290342F4C} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - (no file)
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\vikogiveq.html

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp\
C:\Documents and Settings\HP_Administrator\Local Settings\Temp

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

Your PC lost the Windows File Association for .REG files. Let's fix it.

Now Copy the bold text below to notepad. Save it as RegFix.reg to your desktop. Be sure the
"Save as" type is set to "all files". Then Click Start, Run, and enter regedit and click OK.
This will open the Registry Editor.

In the Registry Editor click File and Import. Navigate to the RegFix.reg patch you saved on your
Desktop and double click on it. Click OK at the prompt to add to the registry. Do you get a success
message for this?

Then retry the fixME.reg patch and continue on with the rest of the instructions.

 

Did you try doing what I requested in message # 8 to Start the service?

 

Having the logs is not going to help you unless you have the backups from what you deleted on your own that would be saved in the HijackThis backups folder. Did you delete the spoolsv.exe file along with the service? Check to see if the below file exists:

C:\WINDOWS\system32\spoolsv.exe

It looks like you also deleted the below service:
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - (no file)

This is related to AutoPlay functionality such as digital cameras, CD ROM's.

Why were you doing these things on your own?


Your logs are clean but it appears that you did not do the below as requested

What problems are your currently having? For non-malware issues like your services, I will be sending you to the Software Forum.

 

You're welcome. I suggest that you work your way thru the below:

How to Protect yourself from malware!