Please Help (Trojan Problem)

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Please Help (Trojan Problem)19th November 2008, 1:22 am

Hello Iv got a problem that I just got today on my Acer laptop. When I start up it shows there is a trojan and a property window shows up saying Winigon Properties with a restore window in the bottom.

These are the trojans my laptop detects

Trojan:win32/Vundu.gen!R-Severe
Trojan:win32/Matcash:H2- Severe

How do I fix this and get rid of them any help will be appreciated
Thanks

Re: Please Help (Trojan Problem)19th November 2008, 1:23 am

Please read >> this thread << and post a Hijack This log.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Please Help (Trojan Problem) DXwU4

Re: Please Help (Trojan Problem)19th November 2008, 1:27 am

can i do this in safe mode? Becuase my cpu keeps shutting down

Re: Please Help (Trojan Problem)19th November 2008, 1:28 am

We won't get much detail.
Can you get the log in normal mode, then we can use tools in safe mode.

Re: Please Help (Trojan Problem)19th November 2008, 1:35 am

ok i will try but the blue screen pops up a restarts the cpu after a couple minutes

Re: Please Help (Trojan Problem)19th November 2008, 1:37 am

Okay.
It shouldn't take more than a minute to open HJT and get the log, then we can go straight to safe mode.

Re: Please Help (Trojan Problem)19th November 2008, 1:50 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:41 PM, on 11/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WerFault.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Users\Sunny\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Users\Sunny\AppData\Local\Temp\winlogin.exe
C:\Windows\System32\rs32net.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Sunny\AppData\Roaming\gadcom\gadcom.exe
C:\Users\Sunny\AppData\Local\Temp\csrssc.exe
C:\Windows\System32\rs32net.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe
C:\Users\Sunny\AppData\Local\Temp\Low\1983343844.exe
C:\Users\Sunny\AppData\Local\Temp\Low\csrssc.exe
C:\Users\Sunny\Downloads\HiJackThis.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WerFault.exe

Re: Please Help (Trojan Problem)19th November 2008, 1:51 am

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [FF1.tmp] C:\Windows\temp\FF1.tmp
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkkIAQ.dll,#1
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Sunny\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Sunny\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Run: [gadcom] "C:\Users\Sunny\AppData\Roaming\gadcom\gadcom.exe" 61A847B5BBF72810379D38466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\Sunny\AppData\Local\Temp\csrssc.exe
O4 - HKCU\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-7375703473-8080656887-479141202-3278\winigon.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\Sunny\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Sunny\AppData\Local\Temp\urqRHxyw.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-ca.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1DD564-091C-494F-B075-D0E8F65421BF}: NameServer = 85.255.112.125;85.255.112.5
O20 - AppInit_DLLs: eNetHook.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdgcw.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15535 bytes

Re: Please Help (Trojan Problem)19th November 2008, 1:52 am

well thats what i got with it showing

Trojan:win32/Vundu.gen!R-Severe
Trojan:win32/Matcash:H2- Severe
and
Host Process for windows Services has stopped working

Re: Please Help (Trojan Problem)19th November 2008, 1:55 am

Ignore what it's saying, that's the virus.
Wow, that's one big mess.
This could take awhile to sort out, so stay with me.

1. Download this file - combofix.exe
2. Boot to safe mode so your machine doesn't crash while we do this.
3. Once in safe mode, double click combofix.exe & choose not to install the recovery console if you are asked.
4. It will probably warn you it wants to reboot your machine once it's done. Allow it to do so.
5. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Please Help (Trojan Problem)19th November 2008, 2:01 am

when it restarts should i restart in safe mode or normal mode?

Re: Please Help (Trojan Problem)19th November 2008, 2:02 am

Normal mode should be fine after CF has run, CF will load before anything else can, and may complete it's run before your machine burns out.

Re: Please Help (Trojan Problem)19th November 2008, 2:08 am

i dont know why but when i click on ComboFix it doesnt open in safe mode

Re: Please Help (Trojan Problem)19th November 2008, 2:08 am

Maybe the malware stopping it.
Rename it to c0mb0-fix.exe.
Try again.

Re: Please Help (Trojan Problem)19th November 2008, 2:11 am

a window pops up sayin disclaimer of warranty on software do i click yes or no?

Re: Please Help (Trojan Problem)19th November 2008, 2:12 am

Click yes and allow it to run.
If you get a popup asking to install the recovery console, select no.

Re: Please Help (Trojan Problem)19th November 2008, 2:15 am

It says CF has detected the presence of rookit activity and need to reboot the machine?

Re: Please Help (Trojan Problem)19th November 2008, 2:17 am

Allow it to do so. You have a nasty vundo and wareout infection at the same. Hopefully it can complete the run.

Re: Please Help (Trojan Problem)19th November 2008, 2:19 am

it restarted back into normal mode what should i do from here?

Re: Please Help (Trojan Problem)19th November 2008, 2:22 am

It should load itself and tell you not to run anything while it's still running.

Re: Please Help (Trojan Problem)19th November 2008, 2:32 am

it didnt load itself up again it just restarted back into normal mode with all the pop ups and warnings of the trojan

Re: Please Help (Trojan Problem)19th November 2008, 2:34 am

Something didn't go right.
Lets see what (if any) log you've got so far.

Find this file:
C:\combofix\combofix.txt

If it's there, post it here.

Re: Please Help (Trojan Problem)19th November 2008, 2:39 am

i renamed it becasue it wouldnt open

Re: Please Help (Trojan Problem)19th November 2008, 2:40 am

The log file or combofix? CF run didn't complete, probably the malware stopped it again.

Fine, we do this the hard way. First, lets stop the malware running at startup.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O4 - HKLM\..\Run: [FF1.tmp] C:\Windows\temp\FF1.tmp
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkkIAQ.dll,#1
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Sunny\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Sunny\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Run: [gadcom] "C:\Users\Sunny\AppData\Roaming\gadcom\gadcom.exe" 61A847B5BBF72810379D38466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\Sunny\AppData\Local\Temp\csrssc.exe
O4 - HKCU\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-7375703473-8080656887-479141202-3278\winigon.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\Sunny\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Sunny\AppData\Local\Temp\urqRHxyw.dll,#1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1DD564-091C-494F-B075-D0E8F65421BF}: NameServer = 85.255.112.125;85.255.112.5
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdgcw.exe
Press "Fix Checked"
Close Hijack This.

Next,

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Users\Sunny\AppData\Local\Temp\Low\1983343844.exe
C:\Users\Sunny\AppData\Local\Temp\Low\csrssc.exe
C:\Windows\system32\jsne87fidgf.dll
C:\Windows\temp\FF1.tmp
C:\Windows\system32\opnkkIAQ.dll
C:\Users\Sunny\AppData\Local\Temp\winlogin.exe
C:\Windows\System32\rs32net.exe
C:\Users\Sunny\AppData\Roaming\gadcom\gadcom.exe
C:\RECYCLER\S-1-5-21-7375703473-8080656887-479141202-3278\winigon.exe
C:\Users\Sunny\AppData\Local\Temp\a.exe
C:\Users\Sunny\AppData\Local\Temp\urqRHxyw.dll
C:\Windows\system32\jsne87fidgf.dll
C:\Windows\system32\kdgcw.exe

Folders to delete:
C:\Users\Sunny\AppData\Local\Temp\Low
C:\Users\Sunny\AppData\Roaming\gadcom

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Input script here:", paste in the script from the quote box above.
Leave the ticked box "Scan for rootkit" ticked.
Don't tick the box below.
Now click on the Execute to begin execution of the script.
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.

Re: Please Help (Trojan Problem)19th November 2008, 2:45 am

does this need to be done in safe mode or normal mode?

Re: Please Help (Trojan Problem)19th November 2008, 2:46 am

Do this in safe mode, then when it reboots, allow it to reboot into normal mode. The avenger WILL load before everything else.

Re: Please Help (Trojan Problem)19th November 2008, 2:48 am

alright i will do this and get back to in a couple hrs. Thanks alot for your time really appriceate it.

Re: Please Help (Trojan Problem)19th November 2008, 2:48 am

Okay. I'm going offline now anyway, so no rush.
Just keep this machine off the internet until we sort this out.

Re: Please Help (Trojan Problem)19th November 2008, 2:49 am

keep the laptop with a trojan off the internet? why

Re: Please Help (Trojan Problem)19th November 2008, 2:51 am

Because with combofix's run being stopped, there's no telling what the malware will download while we aren't killing it. If the machine is off, it won't download more junk.

Re: Please Help (Trojan Problem)19th November 2008, 6:03 am

Here is the avenger text

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSnrde.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\Users\Sunny\AppData\Local\Temp\Low\1983343844.exe" deleted successfully.
File "C:\Users\Sunny\AppData\Local\Temp\Low\csrssc.exe" deleted successfully.
File "C:\Windows\system32\jsne87fidgf.dll" deleted successfully.
File "C:\Windows\temp\FF1.tmp" deleted successfully.
File "C:\Windows\system32\opnkkIAQ.dll" deleted successfully.
File "C:\Users\Sunny\AppData\Local\Temp\winlogin.exe" deleted successfully.
File "C:\Windows\System32\rs32net.exe" deleted successfully.
File "C:\Users\Sunny\AppData\Roaming\gadcom\gadcom.exe" deleted successfully.
File "C:\RECYCLER\S-1-5-21-7375703473-8080656887-479141202-3278\winigon.exe" deleted successfully.
File "C:\Users\Sunny\AppData\Local\Temp\a.exe" deleted successfully.
File "C:\Users\Sunny\AppData\Local\Temp\urqRHxyw.dll" deleted successfully.

Error: file "C:\Windows\system32\jsne87fidgf.dll" not found!
Deletion of file "C:\Windows\system32\jsne87fidgf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\kdgcw.exe" deleted successfully.
Folder "C:\Users\Sunny\AppData\Local\Temp\Low" deleted successfully.
Folder "C:\Users\Sunny\AppData\Roaming\gadcom" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Please Help (Trojan Problem)19th November 2008, 6:04 am

Here is the new hijack one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59, on 2008-11-18
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Sunny\AppData\Roaming\Twain\Twain.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Sunny\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Sunny\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKCU\..\Run: [Twain] C:\Users\Sunny\AppData\Roaming\Twain\Twain.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-ca.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85AA8BC9-CFE5-4A76-885E-5DB8B8B821CF}: NameServer = 85.255.112.125;85.255.112.5
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11629 bytes

Re: Please Help (Trojan Problem)19th November 2008, 12:17 pm

Looks so much better.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll (file missing)
O4 - HKCU\..\Run: [Twain] C:\Users\Sunny\AppData\Roaming\Twain\Twain.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{85AA8BC9-CFE5-4A76-885E-5DB8B8B821CF}: NameServer = 85.255.112.125;85.255.112.5
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll (file missing)
Press "Fix Checked"
Close Hijack This.

=====

Now lets use the avenger again.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to disable:
TDSSserv.sys

Drivers to delete:
TDSSserv.sys

Files to delete:
C:\Windows\system32\drivers\TDSSnrde.sys
C:\Users\Sunny\AppData\Roaming\Twain\Twain.exe

Folders to delete:
C:\Users\Sunny\AppData\Roaming\Twain

Under "Input script here:", paste in the script from the quote box above.
Leave the ticked box "Scan for rootkit" ticked.
Don't tick the box below.
Now click on the Execute to begin execution of the script.
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer.
Because of a certain command we are using, the avenger will restart your machine twice.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.

After you've done that.

Download OTViewIt to your desktop.

Close all windows and open it
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
You may need to use two posts to get it all on the forum

The logs I need to see:

new avenger.txt
OTViewIt.txt.
new Hijack This log.

Re: Please Help (Trojan Problem)20th November 2008, 12:23 am

I cant get OTViewit to Work it says Not responding when it gets to Scanning Service: Audioendpointbuilder

Re: Please Help (Trojan Problem)20th November 2008, 12:23 am

here is the avenger txt

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSnrde.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "TDSSserv.sys" disabled successfully.
Driver "TDSSserv.sys" deleted successfully.
File "C:\Windows\system32\drivers\TDSSnrde.sys" deleted successfully.
File "C:\Users\Sunny\AppData\Roaming\Twain\Twain.exe" deleted successfully.
Folder "C:\Users\Sunny\AppData\Roaming\Twain" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Please Help (Trojan Problem)20th November 2008, 12:24 am

here is the hijack this txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17, on 2008-11-19
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Sunny\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Sunny\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-ca.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11235 bytes

Re: Please Help (Trojan Problem)20th November 2008, 12:27 am

My bad.
Right click OTViewIt > Run as administrator.
Does it run now?
If so, run and post the log.

The rootkit is gone.
Lets get this machine fixed up now.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 update 10.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
Click the "Download" button to the right.
In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs:
- Java 2 Runtime Environment, SE v1.4.2
- J2SE Runtime Environment 5.0
- J2SE Runtime Environment 5.0 Update 2
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.

Re: Please Help (Trojan Problem)20th November 2008, 12:29 am

here is the OTView txt really long gunna take a couple times to get all on

OTViewIt logfile created on: 2008-11-19 16:21:06 - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Sunny\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16757)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.61% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 37.66 Gb Free Space | 33.76% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 81.78 Gb Free Space | 73.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNNY-PC
Current User Name: Sunny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006-11-02 01:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006-11-02 01:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008-09-29 19:49:08 | 00,704,512 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008-02-07 09:14:48 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008-09-29 19:49:08 | 00,704,512 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2006-11-21 12:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2006-11-21 12:43:42 | 00,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
[2006-11-02 01:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006-11-02 01:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008-02-18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006-11-21 12:45:00 | 00,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008-01-11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
[2007-07-24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007-04-12 17:43:16 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
[2007-03-14 10:52:30 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
[2007-04-17 19:36:34 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
[2007-01-17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2006-11-24 12:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
[2007-02-12 15:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
[2006-11-28 14:28:12 | 00,020,480 | ---- | M] ( ) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
[2007-04-02 22:07:38 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2007-02-10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2007-02-10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2006-11-02 04:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006-08-05 08:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2007-07-03 10:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
[2007-06-28 18:50:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
[2007-06-13 11:23:54 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
[2006-11-02 01:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2006-11-02 01:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2006-11-02 01:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2006-11-02 01:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008-02-07 09:11:21 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2007-04-23 15:51:42 | 04,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2006-10-23 11:00:36 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006-11-21 12:44:28 | 00,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2007-03-14 21:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2007-04-12 17:42:26 | 00,457,728 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
[2007-04-04 00:04:44 | 00,813,840 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
[2007-12-14 03:42:38 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
[2007-05-31 08:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
[2008-08-03 15:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008-07-06 23:34:59 | 00,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2008-02-06 18:23:13 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2007-10-18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2006-11-02 04:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008-02-06 17:29:26 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Sunny\AppData\Local\Temp\RtkBtMnt.exe
[2006-11-02 04:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006-11-02 04:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2006-11-02 04:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007-04-17 19:36:36 | 00,749,568 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
[2007-07-06 11:07:52 | 00,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[2006-11-02 04:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2007-04-25 10:35:56 | 00,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
[2007-02-09 06:35:54 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[2006-11-02 01:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008-02-13 03:09:26 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
[2008-07-18 21:10:40 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2006-11-02 04:34:43 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2006-11-02 04:34:44 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008-11-19 16:18:43 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Sunny\Downloads\Ot-viewIt.exe

========== (O23) Win32 Services ==========

Re: Please Help (Trojan Problem)20th November 2008, 12:30 am

[2008-02-18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008-09-29 19:49:08 | 00,704,512 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
[2006-11-21 12:45:00 | 00,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008-01-11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Running])
[2007-07-24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006-11-21 12:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2006-11-21 12:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Running])
[2006-11-01 22:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006-11-21 12:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2006-11-21 12:42:52 | 00,049,296 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006-11-02 04:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008-02-07 03:09:05 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2007-04-12 17:43:16 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service [Auto | Running])
[2006-11-02 04:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006-11-02 04:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2007-03-14 10:52:30 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService [Auto | Running])
[2007-04-17 19:36:34 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service [Auto | Running])
[2007-07-03 10:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
[2007-06-28 18:50:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService [Auto | Running])
[2006-11-02 04:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006-11-02 01:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008-03-30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006-11-21 12:42:12 | 00,080,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
[2007-01-17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006-11-21 12:45:00 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2006-11-24 12:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
[2006-11-02 05:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008-02-26 21:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Stopped])
[2005-10-14 02:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2006-11-02 04:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007-02-12 15:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash [Auto | Running])
[2007-08-24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006-11-28 14:28:12 | 00,020,480 | ---- | M] ( ) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
[2006-11-09 14:30:14 | 00,065,536 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
[2007-04-02 22:07:38 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2006-11-02 01:46:12 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2006-11-02 01:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008-02-07 09:14:48 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006-11-02 01:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007-02-10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2007-02-10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2007-05-04 14:08:40 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2006-11-21 12:43:42 | 00,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
[2006-11-02 01:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006-11-02 01:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
File not found -- -- (Windows Tribute Service [Disabled | Stopped])
[2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2007-06-13 11:23:54 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService [Auto | Running])
[2006-11-02 04:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2006-11-02 04:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2006-08-05 08:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========

Re: Please Help (Trojan Problem)20th November 2008, 12:31 am

[2006-11-02 01:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006-11-02 01:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006-11-02 01:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006-11-02 01:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006-11-02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006-11-02 01:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006-11-02 01:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006-11-02 01:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006-11-02 00:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006-11-02 00:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006-11-02 01:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006-11-02 01:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006-11-01 23:30:52 | 00,467,456 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr [On_Demand | Stopped])
[2008-09-29 20:27:58 | 03,930,112 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2006-12-19 12:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV [On_Demand | Stopped])
[2006-12-19 12:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX [On_Demand | Running])
[2006-11-02 00:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006-11-02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006-11-02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006-11-02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006-11-02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006-11-02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006-11-02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006-11-02 00:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006-11-02 00:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008-02-13 03:09:29 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006-11-02 01:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006-11-02 01:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006-11-02 00:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006-11-02 00:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006-11-02 21:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
[2008-02-07 03:09:05 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006-11-01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006-11-02 04:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006-11-21 12:44:10 | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006-11-02 01:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006-11-21 12:44:10 | 00,102,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2006-11-02 01:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006-11-02 00:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006-11-02 01:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008-01-29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006-11-01 23:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008-02-07 09:16:43 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006-11-02 00:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006-11-02 00:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006-11-02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006-11-01 23:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2006-11-09 07:55:10 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2006-11-09 07:53:58 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2006-10-18 18:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2006-11-02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006-11-21 12:42:22 | 00,202,872 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86 [On_Demand | Stopped])
[2006-11-02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006-12-07 18:12:02 | 00,076,584 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15 [Auto | Running])
[2007-04-23 18:13:22 | 01,769,952 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006-11-02 00:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006-11-02 01:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])

Re: Please Help (Trojan Problem)20th November 2008, 12:32 am

[2006-11-02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006-11-02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006-11-02 00:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2006-11-02 00:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006-11-02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006-11-02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006-11-02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006-11-02 00:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006-06-20 05:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006-11-02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2007-12-16 01:56:45 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006-11-02 01:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008-02-07 09:15:53 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006-11-02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008-08-25 17:11:59 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008-02-06 18:21:32 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006-11-02 01:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006-11-02 01:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2007-05-02 19:54:26 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006-11-02 01:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008-02-13 03:05:40 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006-11-21 12:44:12 | 00,079,240 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2006-11-21 12:44:14 | 00,831,880 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008-11-18 09:16:07 | 00,029,192 | ---- | M] () -- C:\Windows\System32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
[2006-11-02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006-11-02 00:57:06 | 00,030,720 | ---- | M] (National Semiconductor Corporation) -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Running])
[2006-11-02 00:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2007-05-04 14:05:04 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[2006-11-01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006-11-02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006-11-02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006-11-02 01:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2007-04-03 09:04:28 | 00,039,680 | ---- | M] (O2Micro ) -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR [Boot | Running])
[2007-04-02 15:11:08 | 00,035,712 | ---- | M] (O2Micro ) -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR [Boot | Running])
[2006-11-02 01:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008-02-07 03:09:06 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007-04-12 17:43:24 | 00,020,264 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\psdfilter.sys -- (PSDFilter [Boot | Running])
[2007-04-12 17:43:30 | 00,016,680 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ [Boot | Running])
[2007-04-12 17:43:28 | 00,060,712 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\psdvdisk.sys -- (psdvdisk [Boot | Running])
[2006-11-02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006-11-02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006-11-02 04:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006-11-02 01:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008-11-18 09:19:04 | 00,005,760 | ---- | M] () -- C:\Windows\System32\drivers\restore.sys -- (restore [On_Demand | Stopped])
[2006-11-02 00:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006-11-01 23:30:56 | 00,044,544 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Stopped])
[2006-11-02 01:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008-07-06 23:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2006-11-02 00:35:12 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [Disabled | Stopped])
[2006-11-01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008-02-13 03:09:25 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2008-02-07 09:16:31 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2008-02-07 09:16:31 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2008-02-07 09:16:31 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006-11-02 01:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006-11-02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006-11-02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006-11-02 00:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007-06-12 10:38:26 | 01,729,152 | ---- | M] () -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
[2006-11-21 12:45:36 | 00,406,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2006-11-02 01:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008-02-18 19:49:23 | 00,716,272 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys -- (sptd [Boot | Running])
[2006-11-21 12:45:42 | 00,245,880 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2006-11-21 12:45:42 | 00,275,576 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2006-11-21 12:45:42 | 00,024,184 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008-02-06 18:21:32 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008-02-06 18:21:32 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006-11-02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2007-05-04 14:10:02 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2006-11-21 12:45:52 | 00,026,384 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2006-11-21 12:45:52 | 00,185,744 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006-11-02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006-11-02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006-10-23 11:17:32 | 00,179,896 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2006-11-02 00:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006-11-02 00:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006-11-02 01:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2008-02-07 09:15:52 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008-02-07 09:15:52 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006-11-02 01:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006-11-02 01:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006-11-02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006-11-02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006-11-02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006-11-02 00:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006-11-02 00:55:22 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys -- (UMPass [On_Demand | Stopped])
[2008-02-18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006-11-02 00:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006-11-02 00:55:20 | 00,132,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2006-11-02 00:57:48 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2006-11-02 00:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006-11-02 00:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006-11-02 01:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2007-05-02 19:54:26 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006-11-02 01:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006-11-02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006-11-02 00:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006-11-02 01:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008-02-13 03:09:26 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006-11-09 07:53:48 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2008-02-07 03:08:43 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2006-11-02 00:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006-08-05 08:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])
[2007-12-06 09:51:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Stopped])
[2006-11-02 16:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running])

========== (R ) Internet Explorer ==========

Re: Please Help (Trojan Problem)20th November 2008, 12:33 am

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://en.us.acer.yahoo.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://en.us.acer.yahoo.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
"Start Page"=http://www.google.ca/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (942 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.mininova.org
127.0.0.1 www.mininova.com
127.0.0.1 www.thepiratebay.org
127.0.0.1 www.suprbay.org
127.0.0.1 mininova.org
127.0.0.1 mininova.com
127.0.0.1 thepiratebay.org
127.0.0.1 suprbay.org

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" (HKLM) -- C:\Windows\System32\eDStoolbar.dll (HiTRUST)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" (HKLM) -- c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" (HKLM) -- C:\Windows\System32\eDStoolbar.dll (HiTRUST)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe ()
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" /startup (Leader Technologies)
"Acer Tour"= File not found
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
"eRecoveryService"= File not found
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" (Symantec Corporation)
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto (Microsoft Corporation)
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" (Symantec Corporation)
"PLFSet"=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting ( )
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"Skytel"=Skytel.exe (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
"UIWatcher"=C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe File not found
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoFolderOptions"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

Re: Please Help (Trojan Problem)20th November 2008, 12:33 am

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2008-01-31 23:20:14 | 02,194,744 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2008-01-31 23:20:14 | 02,194,744 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2008-01-31 23:20:14 | 02,194,744 | ---- | M] (www.BitComet.com)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007-05-31 08:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007-05-31 08:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.1.2.dll [2008-01-25 02:06:28 | 00,496,952 | ---- | M] (BitComet)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-ca.cab -- MSN Photo Upload Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab -- Java Plug-in 1.6.0_04
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab -- Java Plug-in 1.6.0_04

========== (O17) DNS Name Servers ==========

{3094503E-9C51-454F-9130-0F1F488D86F5} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{CB1DD564-091C-494F-B075-D0E8F65421BF} (Servers: | Description: Broadcom 802.11g Network Adapter)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A2587760-63ED-4EF5-B30D-A7C5B53EE597}" (HKLM) -- C:\Windows\system32\opnkkIAQ.dll File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006-11-02 01:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006-11-02 01:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006-09-18 13:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008-11-18 09:15:57 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008-11-18 09:15:57 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77496956-7526-11dd-a088-0016d3ef9634}\Shell\AutoRun\command]
""=1nkbd8h.bat

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77496956-7526-11dd-a088-0016d3ef9634}\Shell\explore\Command]
""=1nkbd8h.bat

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77496956-7526-11dd-a088-0016d3ef9634}\Shell\open\Command]
""=1nkbd8h.bat

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\setup.exe -- File not found

Re: Please Help (Trojan Problem)20th November 2008, 12:33 am

========== Files/Folders - Created Within 30 Days ==========

[2008-11-19 16:12:38 | 01,701,519 | -H-- | C] () -- C:\Users\Sunny\AppData\Local\IconCache.db
[2008-11-19 16:03:06 | 00,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\New Folder
[2008-11-19 16:02:25 | 21,455,01184 | -HS- | C] () -- C:\hiberfil.sys
[2008-11-18 21:53:45 | 00,000,000 | ---D | C] -- C:\CombO-fIx.exe
[2008-11-18 21:53:39 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF6930.exe
[2008-11-18 21:49:38 | 00,000,000 | ---D | C] -- C:\Avenger
[2008-11-18 21:43:22 | 00,731,136 | ---- | C] () -- C:\Users\Sunny\Desktop\avenger.exe
[2008-11-18 18:40:49 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF2020.exe
[2008-11-18 18:26:35 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF31999.exe
[2008-11-18 18:22:41 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF31166.exe
[2008-11-18 18:14:22 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2008-11-18 18:14:22 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2008-11-18 18:14:22 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2008-11-18 18:14:22 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008-11-18 18:14:22 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2008-11-18 18:14:22 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008-11-18 18:14:22 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008-11-18 18:14:22 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2008-11-18 18:14:22 | 00,028,672 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2008-11-18 18:14:11 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF29573.exe
[2008-11-18 18:13:26 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF29426.exe
[2008-11-18 18:13:25 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2008-11-18 18:09:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2008-11-18 18:09:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008-11-18 17:07:24 | 00,002,560 | ---- | C] (BitComet) -- C:\Windows\System32\bitcometres.dll
[2008-11-18 09:20:35 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2008-11-18 09:20:06 | 15,636,9191 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2008-11-18 09:19:04 | 00,005,760 | ---- | C] () -- C:\Windows\System32\drivers\restore.sys
[2008-11-18 09:17:31 | 00,103,428 | ---- | C] () -- C:\Windows\System32\msxml71.dll
[2008-11-18 09:17:23 | 00,002,348 | ---- | C] () -- C:\Windows\System32\TDSSwfdm.dll
[2008-11-18 09:17:22 | 00,073,728 | ---- | C] () -- C:\Windows\System32\TDSSujov.dll
[2008-11-18 09:17:21 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TDSSpfpe.dll
[2008-11-18 09:17:20 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TDSSxrei.dll
[2008-11-18 09:17:20 | 00,000,000 | ---- | C] () -- C:\Windows\System32\cmdl.lock
[2008-11-18 09:17:19 | 00,068,698 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdl.exe
[2008-11-18 09:17:19 | 00,003,306 | ---- | C] () -- C:\Windows\System32\cnf.dat
[2008-11-18 09:17:18 | 00,000,527 | ---- | C] () -- C:\Windows\System32\TDSSxcrd.dat
[2008-11-18 09:17:16 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TDSSwrhm.dll
[2008-11-18 09:17:15 | 00,000,000 | RHSD | C] -- C:\RECYCLER
[2008-11-18 09:17:11 | 00,104,448 | ---- | C] () -- C:\ggfxrw.exe
[2008-11-18 09:17:07 | 00,023,040 | ---- | C] () -- C:\Windows\System32\fklame32.dll
[2008-11-18 09:17:05 | 00,000,705 | ---- | C] () -- C:\cxcnowy.exe
[2008-11-18 09:17:04 | 00,000,002 | ---- | C] () -- C:\715660275
[2008-11-18 09:16:57 | 00,037,376 | ---- | C] () -- C:\Windows\System32\yayvTlKC.dll
[2008-11-18 09:16:07 | 00,029,192 | ---- | C] () -- C:\Windows\System32\drivers\ndisprot.sys
[2008-11-18 09:15:57 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
[2008-11-18 09:15:57 | 00,000,000 | RHSD | C] -- C:\resycled
[2008-11-18 09:15:39 | 00,000,000 | ---D | C] -- C:\Program Files\homeview
[2008-11-18 09:15:31 | 00,000,000 | ---D | C] -- C:\Windows\HDTVXviD Codec
[2008-11-16 22:34:30 | 00,428,603 | ---- | C] () -- C:\Users\Sunny\Documents\09f1500011.jpg
[2008-11-16 22:34:25 | 00,418,491 | ---- | C] () -- C:\Users\Sunny\Documents\09f1500021.jpg
[2008-11-16 22:34:21 | 00,422,718 | ---- | C] () -- C:\Users\Sunny\Documents\09f1500041.jpg
[2008-11-16 13:18:42 | 00,019,968 | ---- | C] () -- C:\Users\Sunny\Documents\87101 Order Number.doc
[2008-11-12 22:37:46 | 00,026,825 | ---- | C] () -- C:\Users\Sunny\Documents\DSC_0307.JPG
[2008-11-12 01:00:59 | 01,341,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008-11-12 01:00:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2008-11-12 01:00:54 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2008-11-12 01:00:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2008-11-12 01:00:50 | 00,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008-11-12 00:44:45 | 00,041,830 | ---- | C] () -- C:\Users\Sunny\Documents\n524280083_4736585_6859.jpg
[2008-11-08 19:40:46 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008-11-08 19:35:52 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2008-11-03 15:29:28 | 00,078,235 | ---- | C] () -- C:\Users\Sunny\Documents\Kim-Kardashian_3vkr-actressblogs-1.jpg
[2008-10-31 14:17:02 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2008-10-31 14:17:02 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2008-10-31 14:17:02 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2008-10-31 14:17:02 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2008-10-31 14:17:01 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2008-10-31 14:17:01 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2008-10-31 14:17:01 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2008-10-31 14:17:01 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2008-10-30 16:15:40 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2008-10-30 16:15:40 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2008-10-23 20:52:30 | 00,001,800 | ---- | C] () -- C:\Users\Public\Desktop\Easy CD-DA Extractor.lnk
[2008-10-23 20:52:28 | 00,000,000 | ---D | C] -- C:\Windows\Easy CD-DA Extractor 11.5.3
[2008-10-23 20:52:27 | 00,000,000 | ---D | C] -- C:\Program Files\Easy CD-DA Extractor 11
[2008-10-23 18:24:32 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2008-10-22 14:53:31 | 00,000,967 | ---- | C] () -- C:\Users\Public\Desktop\POWERPNT - Shortcut.lnk
[2008-10-22 14:52:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2008-10-21 22:17:26 | 00,001,061 | ---- | C] () -- C:\Users\Sunny\Desktop\Revo Uninstaller.lnk
[2008-10-21 22:17:26 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2008-10-21 22:13:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2008-10-21 21:57:56 | 00,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\Seven Zip
[2008-10-21 21:55:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2008-10-21 21:54:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

========== Files - Modified Within 30 Days ==========

[2008-11-19 16:14:49 | 00,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008-11-19 16:14:49 | 00,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008-11-19 16:14:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008-11-19 16:14:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008-11-19 16:14:20 | 21,455,01184 | -HS- | M] () -- C:\hiberfil.sys
[2008-11-19 16:14:16 | 15,636,9191 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008-11-19 16:12:38 | 01,701,519 | -H-- | M] () -- C:\Users\Sunny\AppData\Local\IconCache.db
[2008-11-19 16:09:06 | 00,002,348 | ---- | M] () -- C:\Windows\System32\TDSSwfdm.dll
[2008-11-18 21:53:03 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF6930.exe
[2008-11-18 18:45:20 | 00,073,728 | ---- | M] () -- C:\Windows\System32\TDSSujov.dll
[2008-11-18 18:45:15 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TDSSpfpe.dll
[2008-11-18 18:45:13 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TDSSxrei.dll
[2008-11-18 18:45:10 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TDSSwrhm.dll
[2008-11-18 18:45:05 | 00,000,527 | ---- | M] () -- C:\Windows\System32\TDSSxcrd.dat
[2008-11-18 18:40:45 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF2020.exe
[2008-11-18 18:26:30 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF31999.exe
[2008-11-18 18:22:15 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF31166.exe
[2008-11-18 18:14:07 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF29573.exe
[2008-11-18 18:13:22 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF29426.exe
[2008-11-18 17:17:08 | 00,001,356 | ---- | M] () -- C:\Users\Sunny\AppData\Local\d3d9caps.dat
[2008-11-18 17:07:24 | 00,002,560 | ---- | M] (BitComet) -- C:\Windows\System32\bitcometres.dll
[2008-11-18 17:06:46 | 00,111,616 | ---- | M] () -- C:\Users\Sunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-18 09:19:04 | 00,005,760 | ---- | M] () -- C:\Windows\System32\drivers\restore.sys
[2008-11-18 09:17:31 | 00,103,428 | ---- | M] () -- C:\Windows\System32\msxml71.dll
[2008-11-18 09:17:20 | 00,068,698 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl.exe
[2008-11-18 09:17:20 | 00,000,000 | ---- | M] () -- C:\Windows\System32\cmdl.lock
[2008-11-18 09:17:19 | 00,003,306 | ---- | M] () -- C:\Windows\System32\cnf.dat
[2008-11-18 09:17:14 | 00,104,448 | ---- | M] () -- C:\ggfxrw.exe
[2008-11-18 09:17:07 | 00,023,040 | ---- | M] () -- C:\Windows\System32\fklame32.dll
[2008-11-18 09:17:06 | 00,000,705 | ---- | M] () -- C:\cxcnowy.exe
[2008-11-18 09:17:05 | 00,000,002 | ---- | M] () -- C:\715660275
[2008-11-18 09:16:56 | 00,037,376 | ---- | M] () -- C:\Windows\System32\yayvTlKC.dll
[2008-11-18 09:16:56 | 00,000,942 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2008-11-18 09:16:07 | 00,029,192 | ---- | M] () -- C:\Windows\System32\drivers\ndisprot.sys
[2008-11-18 09:15:57 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008-11-17 21:06:17 | 00,000,501 | ---- | M] () -- C:\Users\Sunny\Documents\My Sharing Folders.lnk
[2008-11-16 22:34:31 | 00,428,603 | ---- | M] () -- C:\Users\Sunny\Documents\09f1500011.jpg
[2008-11-16 22:34:26 | 00,418,491 | ---- | M] () -- C:\Users\Sunny\Documents\09f1500021.jpg
[2008-11-16 22:34:23 | 00,422,718 | ---- | M] () -- C:\Users\Sunny\Documents\09f1500041.jpg
[2008-11-16 18:03:20 | 00,000,937 | ---- | M] () -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acer Product Registration.lnk
[2008-11-16 13:18:42 | 00,019,968 | ---- | M] () -- C:\Users\Sunny\Documents\87101 Order Number.doc
[2008-11-16 13:17:03 | 00,002,609 | ---- | M] () -- C:\Users\Sunny\Desktop\Microsoft Office Word 2003.lnk
[2008-11-12 22:37:41 | 00,026,825 | ---- | M] () -- C:\Users\Sunny\Documents\DSC_0307.JPG
[2008-11-12 00:44:46 | 00,041,830 | ---- | M] () -- C:\Users\Sunny\Documents\n524280083_4736585_6859.jpg
[2008-11-09 17:53:05 | 00,795,120 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008-11-09 17:53:05 | 00,673,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008-11-09 17:53:05 | 00,125,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008-11-08 19:40:46 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2008-11-03 16:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2008-11-03 15:29:29 | 00,078,235 | ---- | M] () -- C:\Users\Sunny\Documents\Kim-Kardashian_3vkr-actressblogs-1.jpg
[2008-10-23 20:52:30 | 00,001,800 | ---- | M] () -- C:\Users\Public\Desktop\Easy CD-DA Extractor.lnk
[2008-10-22 14:54:44 | 00,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2008-10-22 14:53:31 | 00,000,967 | ---- | M] () -- C:\Users\Public\Desktop\POWERPNT - Shortcut.lnk
[2008-10-22 08:02:12 | 00,103,768 | ---- | M] () -- C:\Users\Sunny\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-10-22 07:54:09 | 00,386,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008-10-22 00:06:09 | 00,000,128 | ---- | M] () -- C:\Windows\win.ini
[2008-10-21 22:17:26 | 00,001,061 | ---- | M] () -- C:\Users\Sunny\Desktop\Revo Uninstaller.lnk
< End of report >

Re: Please Help (Trojan Problem)20th November 2008, 12:49 am

Thanks. Looks good, just a few things to delete now.
First, lets get rid of the wareout service and some leftovers to stop the infection returning.

Now open a new notepad file.
Input this into the notepad file:

@echo off
sc stop "Windows Tribute Service"
sc delete "Windows Tribute Service"
del Fixservices.bat
exit

Save this as Fixservices.bat, save it to your desktop.
Double click Fixservices.bat and the black cmd window will open and close, this is normal.

After you've done that.

Now open a another new notepad file.
Input this into the notepad file:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoFolderOptions"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A2587760-63ED-4EF5-B30D-A7C5B53EE597}"=-
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77496956-7526-11dd-a088-0016d3ef9634}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77496956-7526-11dd-a088-0016d3ef9634}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77496956-7526-11dd-a088-0016d3ef9634}]
Save this as fix.reg, save it to your desktop.
Double click fix.reg to run it.
Select yes to the registry merge prompt.

====

We need to run the avenger one last time.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Windows\System32\TDSSwfdm.dll
C:\Windows\System32\TDSSujov.dll
C:\Windows\System32\TDSSxcrd.dat
C:\Windows\System32\TDSSpfpe.dll
C:\Windows\System32\TDSSxrei.dll
C:\Windows\System32\TDSSwrhm.dll
C:\Windows\System32\CF2020.exe
C:\Windows\System32\CF31999.exe
C:\Windows\System32\CF31166.exe
C:\Windows\System32\CF29573.exe
C:\Windows\System32\CF29426.exe
C:\Windows\System32\CF29573.exe
C:\ggfxrw.exe
C:\cxcnowy.exe
C:\Windows\System32\yayvTlKC.dll
C:\Windows\System32\fklame32.dll
C:\autorun.inf
D:\autorun.inf
C:\resycled\boot.com
C:\CombO-fIx.exe

Folders to delete:
C:\resycled
C:\715660275
C:\Qoobox

Under "Input script here:", paste in the script from the quote box above.
Leave the ticked box "Scan for rootkit" ticked.
Don't tick the box below.
Now click on the Execute to begin execution of the script.
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
It will Restart your computer.
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

Re: Please Help (Trojan Problem)20th November 2008, 1:11 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\TDSSwfdm.dll" deleted successfully.
File "C:\Windows\System32\TDSSujov.dll" deleted successfully.
File "C:\Windows\System32\TDSSxcrd.dat" deleted successfully.
File "C:\Windows\System32\TDSSpfpe.dll" deleted successfully.
File "C:\Windows\System32\TDSSxrei.dll" deleted successfully.
File "C:\Windows\System32\TDSSwrhm.dll" deleted successfully.
File "C:\Windows\System32\CF2020.exe" deleted successfully.
File "C:\Windows\System32\CF31999.exe" deleted successfully.
File "C:\Windows\System32\CF31166.exe" deleted successfully.
File "C:\Windows\System32\CF29573.exe" deleted successfully.
File "C:\Windows\System32\CF29426.exe" deleted successfully.

Error: file "C:\Windows\System32\CF29573.exe" not found!
Deletion of file "C:\Windows\System32\CF29573.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\ggfxrw.exe" deleted successfully.
File "C:\cxcnowy.exe" deleted successfully.
File "C:\Windows\System32\yayvTlKC.dll" deleted successfully.
File "C:\Windows\System32\fklame32.dll" deleted successfully.
File "C:\autorun.inf" deleted successfully.
File "D:\autorun.inf" deleted successfully.
File "C:\resycled\boot.com" deleted successfully.

Error: "C:\CombO-fIx.exe" is a folder, not a file!
Deletion of file "C:\CombO-fIx.exe" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Folder "C:\resycled" deleted successfully.

Error: "C:\715660275" is not a folder! It may instead be a file.
Deletion of folder "C:\715660275" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file

Folder "C:\Qoobox" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Please Help (Trojan Problem)20th November 2008, 1:14 am

Were done here.
You have been an awesome warrior, well done. Cheers Mate

Delete this folder:
C:\avenger

Empty your recycle bin.
How is the machine now?

Everything looks great --- your HijackThis log appears to be clean. Smile...

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. Big Grin

Re: Please Help (Trojan Problem)20th November 2008, 1:21 am

Computer seems to be running smooth. You guys are amazing! I cant thank you enough. Now is my computer good to go? Like if im going to purchase anything online with credit cards, do banking and that sort of stuff?

Re: Please Help (Trojan Problem)20th November 2008, 1:23 am

Also can i remove combo fix avenger and those programs i installed?

Re: Please Help (Trojan Problem)20th November 2008, 1:23 am

Yep.

Just read my prevention speech above and you'll be fine. Smile...

Please Help (Trojan Problem)

descriptionPlease Help (Trojan Problem)19th November 2008, 1:22 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:23 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:27 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:28 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:35 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:37 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:50 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:51 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:52 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 1:55 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:01 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:02 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:08 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:08 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:11 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:12 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:15 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:17 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:19 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:22 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:32 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:34 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:39 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:40 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:45 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:46 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:48 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:48 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:49 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 2:51 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 6:03 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 6:04 am

descriptionRe: Please Help (Trojan Problem)19th November 2008, 12:17 pm

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:23 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:23 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:24 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:27 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:29 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:30 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:31 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:32 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:33 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:33 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:33 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 12:49 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 1:11 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 1:14 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 1:21 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 1:23 am

descriptionRe: Please Help (Trojan Problem)20th November 2008, 1:23 am

descriptionRe: Please Help (Trojan Problem)

Please Help (Trojan Problem)19th November 2008, 1:22 am

Re: Please Help (Trojan Problem)19th November 2008, 1:23 am

Re: Please Help (Trojan Problem)19th November 2008, 1:27 am

Re: Please Help (Trojan Problem)19th November 2008, 1:28 am

Re: Please Help (Trojan Problem)19th November 2008, 1:35 am

Re: Please Help (Trojan Problem)19th November 2008, 1:37 am

Re: Please Help (Trojan Problem)19th November 2008, 1:50 am

Re: Please Help (Trojan Problem)19th November 2008, 1:51 am

Re: Please Help (Trojan Problem)19th November 2008, 1:52 am

Re: Please Help (Trojan Problem)19th November 2008, 1:55 am

Re: Please Help (Trojan Problem)19th November 2008, 2:01 am

Re: Please Help (Trojan Problem)19th November 2008, 2:02 am

Re: Please Help (Trojan Problem)19th November 2008, 2:08 am

Re: Please Help (Trojan Problem)19th November 2008, 2:08 am

Re: Please Help (Trojan Problem)19th November 2008, 2:11 am

Re: Please Help (Trojan Problem)19th November 2008, 2:12 am

Re: Please Help (Trojan Problem)19th November 2008, 2:15 am

Re: Please Help (Trojan Problem)19th November 2008, 2:17 am

Re: Please Help (Trojan Problem)19th November 2008, 2:19 am

Re: Please Help (Trojan Problem)19th November 2008, 2:22 am

Re: Please Help (Trojan Problem)19th November 2008, 2:32 am

Re: Please Help (Trojan Problem)19th November 2008, 2:34 am

Re: Please Help (Trojan Problem)19th November 2008, 2:39 am

Re: Please Help (Trojan Problem)19th November 2008, 2:40 am

Re: Please Help (Trojan Problem)19th November 2008, 2:45 am

Re: Please Help (Trojan Problem)19th November 2008, 2:46 am

Re: Please Help (Trojan Problem)19th November 2008, 2:48 am

Re: Please Help (Trojan Problem)19th November 2008, 2:48 am

Re: Please Help (Trojan Problem)19th November 2008, 2:49 am

Re: Please Help (Trojan Problem)19th November 2008, 2:51 am

Re: Please Help (Trojan Problem)19th November 2008, 6:03 am

Re: Please Help (Trojan Problem)19th November 2008, 6:04 am

Re: Please Help (Trojan Problem)19th November 2008, 12:17 pm

Re: Please Help (Trojan Problem)20th November 2008, 12:23 am

Re: Please Help (Trojan Problem)20th November 2008, 12:23 am

Re: Please Help (Trojan Problem)20th November 2008, 12:24 am

Re: Please Help (Trojan Problem)20th November 2008, 12:27 am

Re: Please Help (Trojan Problem)20th November 2008, 12:29 am

Re: Please Help (Trojan Problem)20th November 2008, 12:30 am

Re: Please Help (Trojan Problem)20th November 2008, 12:31 am

Re: Please Help (Trojan Problem)20th November 2008, 12:32 am

Re: Please Help (Trojan Problem)20th November 2008, 12:33 am

Re: Please Help (Trojan Problem)20th November 2008, 12:33 am

Re: Please Help (Trojan Problem)20th November 2008, 12:33 am

Re: Please Help (Trojan Problem)20th November 2008, 12:49 am

Re: Please Help (Trojan Problem)20th November 2008, 1:11 am

Re: Please Help (Trojan Problem)20th November 2008, 1:14 am

Re: Please Help (Trojan Problem)20th November 2008, 1:21 am

Re: Please Help (Trojan Problem)20th November 2008, 1:23 am

Re: Please Help (Trojan Problem)20th November 2008, 1:23 am

Re: Please Help (Trojan Problem)