Help_TrojandownloaderagentEC

I need help on how to remove this as well as other nuances which slow down our PC to a crawl and often prevent accessing certain web sites. It has improved after going thru Read&RunMeFirst Process, but still has issues. I have attached logs from Bitdefender/Panda/HJT
OS=Windows XP ....Thanks for what you do

 

Welcome to MajorGeeks.com!

Please see the below threads on how to install and run Spy Sweeper and Ewido Anti-Malware. After you ran both programs, attach the logs to your next post along with a fresh HJT log from normal mode.

• Running Spy Sweeper...
  
  
• Running Ewido Security Suite ...

 

Ok, I have run SpySweeper & Ewido as well as attaching logs. Let me know what I need to do next.... Thanks... (getting error on page, will include HJT log on next post)

 

Fresh HJT Log

 

Please look in Add/Remove Programs for the following and uninstall them if found:

Ewido

Spy Sweeper

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

Again, make sure ALL browser windows are closed when you click FIX.

Next, run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

• Temporary Files
• Temporary Internet Files
• Recycle Bin

And Click OK.

After you complete the above, REBOOT and proceed with the rest of this fix...

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

I have now removed Ewido & Spysweeper.
Rescanned w/ HJT and checked "http://hsremove.com/done.htm". After removing that, I promptly rcvd a messg from MSAntiSpyware: 'Blocked the explorer URL from being changed.' I don't know exactly how to stop that. You will see on latest HJT that the entry is still there.
When running CCleaner, at one point I rcvd a popup: 'Error deleting file or folder - Cannot delete file.'
Ad-AdwareSE ran smoothly detecting only several MRU(?).
After updating Spybot S&D, it said next to the new item: '!!!!BadCheckSum!!!'
Is that normal? Did the update take?
We have two users on this PC, so I ran both processes under each sign-on. My husbands signon recved a messg: 'MSAntiSpyware has allowed startup prog. Messenger to be installed. I think I blocked this under my sign-on, but keep noticing it on his.
We can move around much better than before. I did have a problem getting back to my inbin on yahoo, and then was directed to a page stating: 'Having a problem accessing your account, please refresh page and sign-in again.' This happened twice tonite. Then spywaredoctor sent a pop up advising it was preventing access to a site referencing: 'res://c:\program~1/spywar!tools\ies9s9.dll/gen-english' (not sure about the 9's).
Attached is most recent HJT.... thanks for your help... the internet is now like a mine field with the triggers changing every day!!!

 

Before we do anything, uninstall Microsoft Antispyware so it will not block anything else we try to fix.

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Again, make sure ALL browser windows are closed when you click FIX.

Next, run CCleaner to clean up cookies and temp files.

After you complete the above, reboot and let me know how things are running. I would run CCleaner, Ad-Aware and Spybot S&D on each user account as each account has different files and settings.

Also, when updating Spybot, choose a different server and it will update. Sometimes the servers get too busy and give that error.