Author Topic: Waiting for HJT dx & Read "whocares" section on Active Backdoors  (Read 3232 times)


LaFemmeMichele

  • Guest
Waiting for HJT dx & Read "whocares" section on Active Backdoors
« on: November 30, 2006, 06:23:17 AM »
Hello,
 
 I've found trojans in my system (WinXP), have cleaned extensively for a few days, & am awaiting HJT log analysis, when the "whocares" article on Active Backdoors has me wondering if my "guests" might fall into that category. 
   
Although more than one variety was found, there was one in Windows/ system32.
My Denial Access Error MSCONFIG leads me to believe this as well. I'm a novice. I'd like your opinion. There are many more details attached with my HJT log. I'm providing a link:

http://forums.spywareinfo.com/index.php?showtopic=90175&


    Is reformatting my only option? Have I been so compromised?

Thank you for your time & expertise.
« Last Edit: December 01, 2006, 09:10:39 PM by LaFemmeMichele »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Waiting for HJT dx & Read "whocares" section on Active Backdoors
« Reply #1 on: November 30, 2006, 09:18:35 PM »
Please have a look at my website for malware removal instructions and tutorials/online analyzers  for HijackThis. www.ache.nl

LaFemmeMichele

  • Guest
Re: Waiting for HJT dx & Read "whocares" section on Active Backdoors
« Reply #2 on: December 01, 2006, 06:07:41 AM »
Eddy,

  I followed Wilders General Cleaning of Virus & Trojan Instructions. Very similar to yours, Eddy. Your site is a beautiful shade of blue. I'm a novice. I am not qualified to interpret HJT! :)

   Certainly you're qualified to give me an informed answer to my question.

   Anyone else care to?

   Is "whocares" still a mod here?

« Last Edit: December 01, 2006, 06:51:19 PM by LaFemmeMichele »

Eddy
Re: Waiting for HJT dx & Read "whocares" section on Active Backdoors
« Reply #3 on: December 06, 2006, 08:44:43 PM »
I sure am qualified to analyze a HJT log if I may say so. I know the writer of HJT. He is Dutch just like me and we have a good understanding. Besides that, I am the guy who created the first automatic log analyzer for HJT. After I introduced it here on this board, all of a sudden you saw all kinds of websites with online analyzing appearing :-)

I had a look at your log (posted Nov 30 2006, 05:53 AM on spywareinfo.com) and didn't find anything suspicious or bad. There are some things you can remove from loading at boot time, but that is all. If you remove them is up to you. It will not harm anything, just make the boot process a bit faster and free up some system resources. If you will notice the increase in speed or not depends on your system and what applications you are using.

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
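Eddy's review above turns on reading the O4 lines: each one is an autostart entry, and the hive it lives in (HKLM for all users, HKCU for the current user, or a Startup folder shortcut) together with where the executable sits is what decides whether it deserves a second look. As an added example that is not part of this thread and not code from HijackThis or its author, here is a small Python parser that splits such O4 lines into hive, key, value name, executable and arguments, and attaches a location note for triage. The sample lines are copied from the log quoted in the post; the directory heuristics in `location_note` are my own assumption, not HijackThis logic.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample O4 lines taken from the log quoted in the post above (constructed
# input for this example, no live system involved).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Registry autostart line:  O4 - <hive>\..\<key>: [<value name>] <command line>
REG_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Startup-folder shortcut line:  O4 - Global Startup: <name>.lnk = <target>
LNK_RE = re.compile(r'^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Unquoted command line: executable ends at the first known extension.
EXE_RE = re.compile(r'(?i)^(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(?P<args>.*))?$')

# Assumed triage heuristic (mine, not HijackThis logic): directories an
# unprivileged process can write to, where an autostart binary is unusual.
USER_WRITABLE = (r"c:\documents and settings", r"c:\windows\temp", r"c:\temp")


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    exe: str
    args: str
    note: str


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate the executable from its arguments, honouring quoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe"), m.group("args") or ""
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def location_note(exe: str) -> str:
    """Classify where the binary lives; a bare name means PATH lookup at boot."""
    low = exe.lower()
    if not re.match(r"^[a-z]:\\", low):
        return "no absolute path (resolved via PATH)"
    if any(low.startswith(d) for d in USER_WRITABLE):
        return "user-writable location"
    if low.startswith(r"c:\windows\system32"):
        return "system32 (verify publisher)"
    return "ok"


def parse_hjt_o4(text: str) -> List[O4Entry]:
    """Parse every O4 line in an HJT log into an O4Entry; other lines are skipped."""
    entries: List[O4Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("O4 - "):
            continue
        m = REG_RE.match(line)
        if m:
            exe, args = split_command(m.group("cmd"))
            entries.append(O4Entry(m.group("hive"), m.group("key"), m.group("name"),
                                   exe, args, location_note(exe)))
            continue
        m = LNK_RE.match(line)
        if m:
            exe, args = split_command(m.group("cmd"))
            entries.append(O4Entry(m.group("hive"), "", m.group("name"),
                                   exe, args, location_note(exe)))
    return entries


def count_by_hive(entries: List[O4Entry]) -> Dict[str, int]:
    """How many autostarts come from each hive / startup folder."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.hive] = counts.get(e.hive, 0) + 1
    return counts


if __name__ == "__main__":
    for e in parse_hjt_o4(SAMPLE_LOG):
        print(f"{e.hive:<15} {e.name:<42} {e.exe}  [{e.note}]")
```

All six sample entries resolve to vendor directories under Program Files and get the note `ok`, which matches Eddy's conclusion that they are merely optional boot-time loaders. The reason the parser keeps the hive separate is that HKCU\..\Run entries can be written without administrator rights and run only for that user, so they are the part of the list worth reading most carefully when the worry is an unwanted resident program rather than startup speed.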

LaFemmeMichele

  • Guest
Re: Waiting for HJT dx & Read "whocares" section on Active Backdoors
« Reply #4 on: December 06, 2006, 08:56:14 PM »
Eddy,

   Thank you very much! It's nice to make your acquaintance! I've read Merijn (sp?) site. This was my first HJT by the way! As exhausting as my continual PC problems are, I really am learning from each new ordeal & find all of this to be quite fascinating albeit frustrating! I look forward to the day when the frustration level drops! And I truly appreciate your input--when I utilize MS paid support, it sucks in comparison to the knowledge & willing help on these forums. You don't need to be a rocket scientist to pick up on this! So thank you again, Eddy!:)

   I have a question re removing items from startup using msconfig. That's how I do it & I've read it isn't the best way--you stay in Selective mode after doing so instead of running in Normal mode. What is your advice re this?

Michele
« Last Edit: December 06, 2006, 10:42:21 PM by LaFemmeMichele »

Eddy
Re: Waiting for HJT dx & Read "whocares" section on Active Backdoors
« Reply #5 on: December 06, 2006, 10:45:59 PM »
Just run HJT, put a checkmark in front of the items you want to remove and click fix.
Don't forget to reboot after fixing them to make the changes effective.
That is all and you won't have the selective mode :-)
Even I can do it...  ;D ;D

LaFemmeMichele

  • Guest
Re: Waiting for HJT dx & Read "whocares" section on Active Backdoors
« Reply #6 on: December 06, 2006, 10:52:47 PM »
 ::) :D ;)