Help please, need to get rid of trojan

Help please, need to get rid of trojan

The trojan started out as generic!atr worm. I am running Windows XP and it also went onto my Windows Vista, so I have two comps I need help with destroying this virus. Please, what do I do to get rid of it? How do I make sure it is fully gone?

Re: Help please, need to get rid of trojan

Hello Lauren.
Welcome to Geekpolice.
If these two machines are on a network, please disconnect the two machines.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Re: Help please, need to get rid of trojan

This log is from the Desktop:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:12 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\McAfee\SiteAdvisor\McSACore.exe
I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
I:\Program Files\McAfee\VirusScan\McShield.exe
I:\Program Files\McAfee\MPF\MPFSrv.exe
I:\Program Files\McAfee\MSK\MskSrver.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\WINDOWS\system32\svchost.exe
i:\PROGRA~1\mcafee.com\agent\mcagent.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\WINDOWS\system32\dllhost.exe
I:\WINDOWS\ehome\ehtray.exe
I:\WINDOWS\stsystra.exe
I:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\WINDOWS\System32\svchost.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
I:\PROGRA~1\AVG\AVG8\avgscanx.exe
I:\Program Files\AVG\AVG8\avgui.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - i:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - I:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - I:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [OpwareSE2] "I:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [mcagent_exe] I:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205620434984
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - i:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - I:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - I:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - i:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - I:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - I:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - I:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - I:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

--
End of file - 8147 bytes

Re: Help please, need to get rid of trojan

Hello.
We will clean the other machine, but let's get this one clean before we touch that machine.

There are no signs of malware in that log, but I do see you are running two AVs (anti-virus programs): AVG and McAfee. Two AVs will conflict with each other and cause more problems.

Please uninstall McAfee.

Please download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum
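To make the triage the reply above performs reproducible, here is an added Python example (not from this thread and not HijackThis's own code) that parses the `Oxx` entry lines of a HijackThis 2.0.x log and reports when more than one anti-virus vendor has a resident service. The log excerpt and the vendor marker list are constructed assumptions.

```python
"""Triage helper for HijackThis 2.0.x logs (added example, not HijackThis code).

Parses the "Oxx - ..." entry lines, structures the O2 (BHO), O4 (Run key) and
O23 (service) records, and reports when more than one anti-virus vendor has a
resident service, which is what the reply above flags in this log.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed excerpt in the shape of the HijackThis log posted in this thread
# (a handful of lines, not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
I:\WINDOWS\System32\smss.exe

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - i:\PROGRA~1\mcafee\msk\mcapbho.dll
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mcagent_exe] I:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - I:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - I:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis finding is "<code> - <body>", where code is R0/R1, F0-F3 or O1-O24.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# O23: "Service: <display name> (<short name>) - <vendor> - <path>"; short name is optional.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?)(?: \((?P<short>[^()]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2: "BHO: <name> - {<CLSID>} - <dll path>"
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")

# Assumed, illustrative vendor markers (lower-case substrings of an entry body);
# a real triage list would be much longer.
AV_FAMILIES = {
    "AVG": ("avg technologies", "\\avg\\", "\\avg8\\", "avgrsstx"),
    "McAfee": ("mcafee",),
    "Symantec/Norton": ("symantec", "norton"),
    "Kaspersky": ("kaspersky",),
}


@dataclass
class Entry:
    code: str                                   # e.g. "O23"
    body: str                                   # text after "O23 - "
    fields: dict = field(default_factory=dict)  # parsed sub-fields for O2/O4/O23


def parse_hjt_log(text):
    """Return the Entry records of a HijackThis log; header and process list are skipped."""
    parsers = {"O23": SERVICE_RE, "O4": RUN_RE, "O2": BHO_RE}
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # "Logfile of ...", "Running processes:", bare paths, blank lines
        code, body = m.group("code"), m.group("body")
        sub = parsers.get(code)
        sm = sub.match(body) if sub else None
        entries.append(Entry(code, body, sm.groupdict() if sm else {}))
    return entries


def av_family(entry):
    """Name the AV family an entry belongs to, or None if no marker matches."""
    hay = entry.body.lower()
    for family, markers in AV_FAMILIES.items():
        if any(marker in hay for marker in markers):
            return family
    return None


def av_evidence(entries):
    """Map each AV family to the entry codes it appears under, in log order."""
    evidence = defaultdict(list)
    for e in entries:
        fam = av_family(e)
        if fam:
            evidence[fam].append(e.code)
    return dict(evidence)


def resident_av_products(entries):
    """AV families that own at least one O23 service, i.e. run a real-time component."""
    return sorted(f for f, codes in av_evidence(entries).items() if "O23" in codes)


def has_av_conflict(entries):
    """True when two or more AV vendors are resident at once (the situation flagged above)."""
    return len(resident_av_products(entries)) >= 2


if __name__ == "__main__":
    found = parse_hjt_log(SAMPLE_LOG)
    for e in found:
        print(e.code, e.fields or e.body)
    print("AV evidence:", av_evidence(found))
    print("Resident AV products:", resident_av_products(found))
    print("Two or more resident AVs:", has_av_conflict(found))
```

Run it against a full saved HijackThis log by reading the file into `parse_hjt_log`; entries whose sub-parser does not match keep an empty `fields` dict but are still listed.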

Re: Help please, need to get rid of trojan

OTViewIt Extras logfile created on: 11/22/2008 1:22:50 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = I:\Documents and Settings\Lauren\Local Settings\Temporary Internet Files\Content.IE5\2HKLTY2X
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 576.49 Mb Available Physical Memory | 56.40% Memory free
2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.66% Paging File free
Paging file location(s): I:\pagefile.sys 1536 3072;

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 144.32 Gb Total Space | 144.18 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 298.08 Gb Total Space | 273.98 Gb Free Space | 91.92% Space Free | Partition Type: NTFS

Computer Name: LAUREN-FBB5CCF8
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- I:\WINDOWS\hh File not found
.hlp [@ = hlpfile] -- I:\WINDOWS\system32\winhlp32 File not found
.hta [@ = htafile] -- I:\WINDOWS\system32\mshta File not found
.html [@ = htmlfile] -- I:\Program Files\Internet Explorer\iexplore File not found
.inf [@ = inffile] -- I:\WINDOWS\system32\notepad File not found
.ini [@ = inifile] -- I:\WINDOWS\system32\notepad File not found
.js [@ = JSFile] -- I:\WINDOWS\system32\wscript File not found
.jse [@ = JSEFile] -- I:\WINDOWS\system32\wscript File not found
.reg [@ = regfile] -- I:\WINDOWS\regedit File not found
.txt [@ = txtfile] -- I:\WINDOWS\system32\notepad File not found
.vbe [@ = VBEFile] -- I:\WINDOWS\system32\wscript File not found
.vbs [@ = VBSFile] -- I:\WINDOWS\system32\wscript File not found
.wsf [@ = WSFFile] -- I:\WINDOWS\system32\wscript File not found
.wsh [@ = WSHFile] -- I:\WINDOWS\system32\wscript File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- I:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- I:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
File not found -- I:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- I:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- I:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
File not found -- I:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2008/11/11 15:16:53 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) I:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) I:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) I:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) I:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

Re: Help please, need to get rid of trojan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}"=Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}"=DirectXInstallService
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}"=Roxio CinePlayer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}"=Roxio Central Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{3249FD43-B24B-413F-B786-F8FEA32FA747}"=V CAST Music
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}"=Roxio Disc Gallery
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}"=Apple Mobile Device Support
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4CEA6811-DFAD-4892-828D-49941FE3B779}"=Intel(R) PROSet for Wired Connections
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}"=Roxio BackOnTrack
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}"=Roxio File Backup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}"=Roxio Central Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}"=OmniPage SE 2.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}"=Roxio CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}"=Roxio MediaShare
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}"=Adobe Bridge 1.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}"=Roxio Central Copy
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}"=BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}"=Roxio Easy Media Creator 10 Suite
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}"=Linksys Wireless-G USB Network Adapter
"{CA9A3609-3ECC-4574-8824-A8161A71A603}"=Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{EC877639-07AB-495C-BFD1-D63AF9140810}"=Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}"=Roxio Central Core
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}"=Adobe Premiere Pro 2.0
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1"=BitPim 1.0.5
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}"=Dell Resource CD
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}"=EMC 10 Content
"1Click DVD Copy 4.1"=1Click DVD Copy 4.1
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Premiere Pro 2.0"=Adobe Premiere Pro 2.0
"AVG8Uninstall"=AVG Free 8.0
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Cool Edit Pro 2.0"=Cool Edit Pro 2.0
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD43_is1"=DVD43 v3.5.3
"Handbrake"=Handbrake 0.9.2
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"LG USB Drivers"=LG USB Drivers
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel(R) PRO Network Connections Drivers
"ThreatExpert Memory Scanner_is1"=ThreatExpert Memory Scanner 1.0
"VCast Music Essentials Manager"=V CAST Music Essentials Manager
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2008 5:42:12 PM | Computer Name = LAUREN-FBB5CCF8 | Source = McLogEvent | ID = 5022
Description =

Error - 11/7/2008 5:44:52 PM | Computer Name = LAUREN-FBB5CCF8 | Source = McLogEvent | ID = 5022
Description =

Error - 11/7/2008 5:44:52 PM | Computer Name = LAUREN-FBB5CCF8 | Source = McLogEvent | ID = 5022
Description =

Error - 11/7/2008 5:46:23 PM | Computer Name = LAUREN-FBB5CCF8 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 4556, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 11/7/2008 5:46:23 PM | Computer Name = LAUREN-FBB5CCF8 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/7/2008 5:46:26 PM | Computer Name = LAUREN-FBB5CCF8 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 4556, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 11/11/2008 1:35:09 PM | Computer Name = LAUREN-FBB5CCF8 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x72206562.

Error - 11/11/2008 1:35:17 PM | Computer Name = LAUREN-FBB5CCF8 | Source = Application Error | ID = 1001
Description = Fault bucket 247506802.

Error - 11/11/2008 1:35:24 PM | Computer Name = LAUREN-FBB5CCF8 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 11/11/2008 1:35:27 PM | Computer Name = LAUREN-FBB5CCF8 | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.

[ System Events ]
Error - 11/11/2008 4:53:16 PM | Computer Name = LAUREN-FBB5CCF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/11/2008 4:54:32 PM | Computer Name = LAUREN-FBB5CCF8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm mfehidk

Error - 11/11/2008 4:54:54 PM | Computer Name = LAUREN-FBB5CCF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 11/11/2008 4:54:55 PM | Computer Name = LAUREN-FBB5CCF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 11/11/2008 4:55:06 PM | Computer Name = LAUREN-FBB5CCF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McShield with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 11/11/2008 4:55:06 PM | Computer Name = LAUREN-FBB5CCF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 11/11/2008 4:55:36 PM | Computer Name = LAUREN-FBB5CCF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/11/2008 5:24:14 PM | Computer Name = LAUREN-FBB5CCF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/11/2008 5:25:47 PM | Computer Name = LAUREN-FBB5CCF8 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 11/22/2008 9:45:07 AM | Computer Name = LAUREN-FBB5CCF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RoxMediaDB10
with arguments "" in order to run the server: {14EFC14B-A5E8-4CC7-8E8F-2E46FA6A3878}


< End of report >

Re: Help please, need to get rid of trojan

OTViewIt logfile created on: 11/22/2008 1:22:49 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = I:\Documents and Settings\Lauren\Local Settings\Temporary Internet Files\Content.IE5\2HKLTY2X
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 576.49 Mb Available Physical Memory | 56.40% Memory free
2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.66% Paging File free
Paging file location(s): I:\pagefile.sys 1536 3072;

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 144.32 Gb Total Space | 144.18 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 298.08 Gb Total Space | 273.98 Gb Free Space | 91.92% Space Free | Partition Type: NTFS

Computer Name: LAUREN-FBB5CCF8
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/11/11 15:16:42 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
[2008/03/28 17:34:00 | 00,072,704 | ---- | M] (Creative Labs) -- I:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\eHome\ehRecvr.exe
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\eHome\ehSched.exe
[2004/11/11 17:10:00 | 00,127,046 | ---- | M] (NVIDIA Corporation) -- I:\WINDOWS\system32\nvsvc32.exe
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\ehome\mcrdsvc.exe
[2008/11/11 15:16:42 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\PROGRA~1\AVG\AVG8\avgrsx.exe
[2008/11/11 15:16:43 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\PROGRA~1\AVG\AVG8\avgemc.exe
[2005/08/05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\ehome\ehtray.exe
[2005/03/22 18:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- I:\WINDOWS\stsystra.exe
[2003/05/08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- I:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[2008/11/11 15:16:44 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\PROGRA~1\AVG\AVG8\avgtray.exe
[2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\eHome\ehmsas.exe
[2008/07/01 16:38:35 | 00,068,856 | ---- | M] (Google Inc.) -- I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Internet Explorer\iexplore.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\wuauclt.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/11/22 13:22:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Lauren\Local Settings\Temporary Internet Files\Content.IE5\2HKLTY2X\OTViewIt[1].exe

========== (O23) Win32 Services ==========

File not found -- -- (aawservice [Auto | Running])
File not found -- -- (Adobe LM Service [Disabled | Stopped])
File not found -- -- (Alerter [Disabled | Stopped])
File not found -- -- (Apple Mobile Device [Disabled | Stopped])
File not found -- -- (AppMgmt [On_Demand | Stopped])
File not found -- -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (avg8emc [Auto | Running])
File not found -- -- (avg8wd [Auto | Running])
[2008/08/23 22:42:37 | 00,000,000 | ---D | M] -- I:\WINDOWS\System32\bits -- (BITS [Auto | Running])
File not found -- -- (BlueSoleil Hid Service [Disabled | Stopped])
File not found -- -- (Bonjour Service [Disabled | Stopped])
File not found -- -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (COMSysApp [On_Demand | Running])
File not found -- -- (Creative Labs Licensing Service [Auto | Running])
File not found -- -- (DcomLaunch [Auto | Running])
[2008/03/09 14:38:10 | 00,000,000 | ---D | M] -- I:\WINDOWS\System32\dhcp -- (Dhcp [Auto | Running])
File not found -- -- (Dnscache [Auto | Running])
[2008/04/13 19:11:52 | 00,132,096 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\dot3svc.dll -- (Dot3svc [On_Demand | Stopped])
File not found -- -- (EapHost [On_Demand | Stopped])
File not found -- -- (ehRecvr [Auto | Running])
File not found -- -- (ehSched [Auto | Running])
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\eventlog.dll -- (Eventlog [Auto | Running])
File not found -- -- (EventSystem [On_Demand | Running])
File not found -- -- (FastUserSwitchingCompatibility [On_Demand | Running])
File not found -- -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (gusvc [On_Demand | Stopped])
File not found -- -- (helpsvc [Auto | Running])
File not found -- -- (hkmsvc [On_Demand | Stopped])
File not found -- -- (HTTPFilter [On_Demand | Running])
File not found -- -- (idsvc [Unknown | Stopped])
File not found -- -- (ImapiService [On_Demand | Stopped])
File not found -- -- (iPod Service [Disabled | Stopped])
File not found -- -- (lanmanserver [Auto | Running])
File not found -- -- (lanmanworkstation [Auto | Running])
File not found -- -- (LmHosts [Auto | Running])
File not found -- -- (McrdSvc [Auto | Running])
File not found -- -- (Messenger [Disabled | Stopped])
[2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
[2008/03/09 19:51:36 | 00,000,000 | ---D | M] -- I:\WINDOWS\system32\msdtc -- (MSDTC [On_Demand | Stopped])
File not found -- -- (MSIServer [On_Demand | Stopped])
File not found -- -- (napagent [On_Demand | Stopped])
File not found -- -- (NetDDEdsdm [Disabled | Stopped])
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
File not found -- -- (NetSvc [On_Demand | Stopped])
File not found -- -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (Nla [On_Demand | Running])
File not found -- -- (NtLmSsp [On_Demand | Stopped])
File not found -- -- (NVSvc [Auto | Running])
File not found -- -- (ose [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
[2008/04/13 19:12:03 | 00,061,440 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\rasman.dll -- (RasMan [On_Demand | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (RemoteAccess [Disabled | Stopped])
File not found -- -- (RemoteRegistry [Auto | Running])
File not found -- -- (Roxio UPnP Renderer 10 [Disabled | Stopped])
File not found -- -- (Roxio Upnp Server 10 [Disabled | Stopped])
File not found -- -- (RoxLiveShare10 [Auto | Stopped])
File not found -- -- (RoxMediaDB10 [Disabled | Stopped])
File not found -- -- (RoxWatch10 [Disabled | Stopped])
File not found -- -- (RpcLocator [On_Demand | Stopped])
[2008/04/13 19:12:04 | 00,399,360 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\rpcss.dll -- (RpcSs [Auto | Running])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (Schedule [Auto | Running])
File not found -- -- (SessionLauncher [Disabled | Stopped])
File not found -- -- (SharedAccess [Auto | Running])
File not found -- -- (ShellHWDetection [Auto | Running])
File not found -- -- (Spooler [Auto | Running])
File not found -- -- (srservice [Auto | Running])
[2008/04/13 19:12:07 | 00,071,680 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\ssdpsrv.dll -- (SSDPSRV [Auto | Running])
File not found -- -- (stisvc [Auto | Running])
[2004/08/10 06:00:00 | 00,138,752 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\swprv.dll -- (SwPrv [On_Demand | Stopped])
File not found -- -- (SysmonLog [On_Demand | Stopped])
File not found -- -- (TermService [On_Demand | Running])
[2008/03/15 18:00:51 | 00,000,000 | ---D | M] -- I:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\Themes -- (Themes [Auto | Running])
[2008/04/13 19:12:08 | 00,185,856 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\upnphost.dll -- (upnphost [On_Demand | Stopped])
File not found -- -- (VSS [On_Demand | Stopped])
File not found -- -- (WebClient [Auto | Running])
File not found -- -- (winmgmt [Auto | Running])
File not found -- -- (WmdmPmSN [On_Demand | Stopped])
[2008/04/13 19:11:15 | 00,005,632 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\wmi.dll -- (Wmi [On_Demand | Stopped])
File not found -- -- (WmiApSrv [On_Demand | Stopped])
File not found -- -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\WudfSvc.dll -- (WudfSvc [Auto | Running])

========== Driver Services ==========

[2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2008/03/09 20:39:58 | 00,019,915 | ---- | M] (Meetinghouse Data Communications) -- I:\WINDOWS\System32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2008/11/11 15:16:58 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/11 15:16:56 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/11 15:17:01 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2005/05/31 14:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- I:\WINDOWS\System32\drivers\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
File not found -- -- (BT [On_Demand | Running])
File not found -- -- (BTHidEnum [On_Demand | Running])
[2005/04/30 13:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- I:\WINDOWS\System32\drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2004/12/16 15:32:54 | 00,013,304 | ---- | M] () -- I:\WINDOWS\System32\drivers\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
[2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- I:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2008/03/15 17:36:57 | 00,018,816 | ---- | M] (RIF) -- I:\WINDOWS\System32\drivers\dvd43llh.sys -- (dvd43llh [On_Demand | Running])
File not found -- -- (e1express [On_Demand | Running])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- I:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
File not found -- -- (Gpc [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- I:\WINDOWS\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/05/11 11:30:52 | 00,247,808 | ---- | M] (Intel Corporation) -- I:\WINDOWS\System32\drivers\iaStor.sys -- (iastor [Boot | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
File not found -- -- (nv [On_Demand | Running])
File not found -- -- (PptpMiniport [On_Demand | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- I:\WINDOWS\System32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/26 02:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- I:\WINDOWS\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
File not found -- -- (ROOTMODEM [On_Demand | Running])
[2007/08/18 02:09:04 | 00,057,328 | ---- | M] (Sonic Solutions) -- I:\WINDOWS\System32\drivers\RxFilter.sys -- (RxFilter [Disabled | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- I:\WINDOWS\System32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2002/10/15 21:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- I:\WINDOWS\System32\drivers\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
[2005/06/14 17:40:08 | 00,180,864 | ---- | M] (SigmaTel, Inc.) -- I:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/07/22 19:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- I:\WINDOWS\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2004/10/19 12:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- I:\WINDOWS\System32\drivers\VComm.sys -- (VComm [On_Demand | Running])
[2005/03/25 16:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- I:\WINDOWS\System32\drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
File not found -- -- (VgaSave [System | Running])
[2006/04/20 20:19:34 | 00,104,576 | R--- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
File not found -- -- (WUSB54GPV4SRV [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=I:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://aol.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- I:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - I:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- I:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- I:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- I:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=I:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
"ehTray"=I:\WINDOWS\ehome\ehtray.exe File not found
"NvCplDaemon"=RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"OpwareSE2"="I:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" File not found
"SigmatelSysTrayApp"=stsystra.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=I:\WINDOWS\system32\ctfmon.exe File not found
"swg"=I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found

========== (O4) Startup Folders ==========

File not found -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop
File not found -- I:\Documents and Settings\Lauren\Start Menu\Programs\Startup\desktop

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=I:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=I:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205620434984 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{531F3E21-AFF8-4D0B-9C8A-CF8E0F3F94C8} (Servers: | Description: )
{8DF8743C-6960-4338-97AB-3F91E8AFDD6F} (Servers: | Description: )
{BDEAB5C4-4F71-494B-8FCA-BDE2F44523FA} (Servers: | Description: Intel(R) PRO/1000 PL Network Connection)
{D7BF3C5A-2EE1-48B7-9FE6-BB0E5463ED53} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{DE928B98-C57C-4375-8A1B-9803F0BB94C4} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/11/11 15:17:01 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\system32\avgrsstx.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>File not found -- I:\WINDOWS\explorer

"UserInit"=I:\WINDOWS\system32\userinit.exe,
>File not found -- I:\WINDOWS\system32\userinit

"UIHost"=logonui.exe
>File not found -- I:\WINDOWS\system32\logonui

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>File not found -- I:\WINDOWS\system32\sysdm


========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = I:\WINDOWS\system32\ntsd File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.inf [[autorun] | open=setup.exe | ]
File not found -- I:\autorun -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b19d1a4a-16ed-11dd-b6b5-0014bf74a2b6}\Shell\AutoRun\command]
""=K:\WD_Windows_Tools\Setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 I:\WINDOWS\System32\*.tmp files]
[7 I:\WINDOWS\*.tmp files]
[2008/11/22 13:11:40 | 00,001,734 | ---- | C] () -- I:\Documents and Settings\Lauren\Desktop\HijackThis.lnk
[2008/11/22 13:11:38 | 00,000,000 | ---D | C] -- I:\Program Files\Trend Micro
[2008/11/12 20:23:36 | 00,202,071 | ---- | C] () -- I:\Documents and Settings\Lauren\My Documents\RipIt4Me.zip
[2008/11/11 18:32:02 | 00,455,296 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/11 18:31:24 | 01,106,944 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/11 17:20:32 | 00,000,000 | R--D | C] -- I:\Documents and Settings\Lauren\My Documents\My Music
[2008/11/11 16:33:03 | 00,000,000 | ---D | C] -- I:\Program Files\ThreatExpert Memory Scanner
[2008/11/11 16:26:12 | 00,000,000 | ---D | C] -- I:\WINDOWS\pss
[2008/11/11 15:36:08 | 00,000,000 | -H-D | C] -- I:\$AVG8.VAULT$
[2008/11/11 15:17:02 | 00,001,507 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/11 15:17:01 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/11 15:17:01 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\avgrsstx.dll
[2008/11/11 15:16:58 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/11 15:16:56 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/11 15:16:53 | 30,281,709 | ---- | C] () -- I:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/11 15:16:53 | 06,061,540 | ---- | C] () -- I:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/11 15:16:53 | 00,334,743 | ---- | C] () -- I:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/11 15:16:53 | 00,042,274 | ---- | C] () -- I:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/11 15:16:53 | 00,000,000 | ---D | C] -- I:\WINDOWS\System32\drivers\Avg
[2008/11/11 15:16:42 | 00,000,000 | ---D | C] -- I:\Program Files\AVG
[2008/11/11 15:16:42 | 00,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\avg8
[2008/11/11 15:14:35 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Lauren\My Documents\Roxio
[2008/11/09 18:00:11 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Lauren\Desktop\Pics
[2008/11/08 13:03:03 | 00,000,000 | R--D | C] -- I:\Documents and Settings\Lauren\My Documents\My Pictures
[2008/11/07 16:57:38 | 00,333,824 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\srv.sys
[2008/11/07 16:56:05 | 01,846,400 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\win32k.sys
[2008/11/07 16:55:56 | 02,145,280 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/11/07 16:55:55 | 02,189,184 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/11/07 16:55:54 | 02,066,048 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/11/07 16:55:54 | 02,023,936 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/11/07 16:52:07 | 00,337,408 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\netapi32.dll
[2008/11/07 16:51:19 | 00,000,793 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/07 16:51:03 | 00,000,000 | ---D | C] -- I:\Program Files\Common Files\Wise Installation Wizard
[2008/11/07 16:42:49 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Lauren\My Documents\Bluetooth
[2008/11/07 16:38:37 | 00,000,000 | ---D | C] -- I:\WINDOWS\Temporary Internet Files
[2008/11/07 16:38:37 | 00,000,000 | ---D | C] -- I:\WINDOWS\System32\COLOR
[2008/11/07 16:38:37 | 00,000,000 | ---D | C] -- I:\WINDOWS\History
[2008/11/07 16:38:37 | 00,000,000 | ---D | C] -- I:\WINDOWS\Cookies
[2008/11/07 16:38:37 | 00,000,000 | ---D | C] -- I:\KPCMS
[2008/11/07 16:34:20 | 00,000,000 | ---D | C] -- I:\drvrtmp
[2008/11/07 16:34:20 | 00,000,000 | ---D | C] -- I:\Config.Msi
[2008/11/07 16:34:18 | 00,000,000 | ---D | C] -- I:\Program Files\LimeWire
[2008/11/07 16:34:06 | 00,000,000 | ---D | C] -- I:\Program Files\ComPlus Applications
[2008/11/07 16:20:48 | 00,000,000 | ---D | C] -- I:\Program Files\Webroot
[2008/11/07 16:20:48 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Lauren\Application Data\Webroot
[2008/11/07 16:20:48 | 00,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Webroot
[2008/11/06 21:01:20 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Lauren\My Documents\PcSetup
[2008/11/06 19:08:28 | 00,000,000 | -HSD | C] -- I:\WINDOWS\CSC
[2008/11/06 18:58:48 | 00,000,000 | ---D | C] -- I:\Program Files\Alwil Software

========== Files - Modified Within 30 Days ==========

[1 I:\WINDOWS\System32\*.tmp files]
[7 I:\WINDOWS\*.tmp files]
[2008/11/22 13:21:43 | 00,007,275 | ---- | M] () -- I:\WINDOWS\System32\nvapps.xml
[2008/11/22 13:21:15 | 00,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2008/11/22 13:21:03 | 00,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2008/11/22 13:11:41 | 00,001,734 | ---- | M] () -- I:\Documents and Settings\Lauren\Desktop\HijackThis.lnk
[2008/11/22 08:36:41 | 30,281,709 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/20 21:52:05 | 00,042,274 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/20 21:47:43 | 00,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2008/11/12 22:06:34 | 03,771,818 | -H-- | M] () -- I:\Documents and Settings\Lauren\Local Settings\Application Data\IconCache.db
[2008/11/12 20:23:38 | 00,202,071 | ---- | M] () -- I:\Documents and Settings\Lauren\My Documents\RipIt4Me.zip
[2008/11/11 18:34:49 | 00,001,393 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2008/11/11 18:29:00 | 00,000,743 | ---- | M] () -- I:\WINDOWS\win.ini
[2008/11/11 18:29:00 | 00,000,253 | ---- | M] () -- I:\WINDOWS\system.ini
[2008/11/11 15:18:07 | 00,334,743 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/11 15:17:02 | 00,001,507 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/11 15:17:01 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/11 15:17:01 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\avgrsstx.dll
[2008/11/11 15:16:58 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/11 15:16:56 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/11 15:16:53 | 06,061,540 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/08 13:02:20 | 00,009,728 | ---- | M] () -- I:\Documents and Settings\Lauren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 17:05:59 | 00,245,512 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/07 16:51:19 | 00,000,793 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/07 16:46:26 | 00,462,976 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2008/11/07 16:46:26 | 00,078,478 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2008/11/07 16:28:41 | 00,000,734 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/06 18:59:09 | 00,002,626 | ---- | M] () -- I:\WINDOWS\System32\CONFIG.NT
[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\MRT.exe
[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mrxsmb.sys
< End of report >

Re: Help please, need to get rid of trogan
Ok, both are fully posted.

Re: Help please, need to get rid of trogan
All looks clean.
What problems remain?
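As an added example that is not part of this thread or of OTViewIt, the script below encodes the checks a helper makes by eye before calling a log like the one above clean: binaries with no company/version info (the empty "()" in an entry), Run-key autostarts whose target no longer exists, AppInit_DLLs, Winlogon Shell and UserInit, an enabled IE proxy, an autorun.inf with a launch command, and what a NoDriveTypeAutoRun value means (145 is XP's default, 255 disables AutoRun for every drive type). The sample lines are copied from the log above; the severity labels and the matching on OTViewIt's section titles are my own assumptions about its layout, not a documented format.

```python
"""Triage of OTViewIt/OTL-style log lines (added example, not OTViewIt's own code).

OTViewIt prints file entries as
    [date time | size | attrs | M/C] (Company) -- path -- (Service [Start | State])
and registry values as "Name"=value under ========== section ========== headers.
"""
import re

ENTRY_RE = re.compile(
    r"^\[(?P<stamp>.+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>\S+)\s*\|\s*(?P<kind>[MC])\]\s*"
    r"(?:\((?P<company>.*?)\)\s*)?--\s*(?P<rest>.*)$"
)
SERVICE_RE = re.compile(r"^(?P<name>.+?)\s*\[(?P<start>[^|]+?)\s*\|\s*(?P<state>[^\]]+?)\]\)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
USERINIT_RE = re.compile(r"[a-z]:\\windows\\system32\\userinit\.exe,?")

# NoDriveTypeAutoRun bits: a set bit disables AutoRun for that drive type (XP default 0x91).
DRIVE_BITS = [(0x01, "unknown"), (0x04, "removable"), (0x08, "fixed"), (0x10, "network"),
              (0x20, "cdrom"), (0x40, "ramdisk"), (0x80, "reserved")]


def autorun_disabled_for(value):
    """Drive types whose AutoRun is suppressed by a NoDriveTypeAutoRun bitmask."""
    return [name for bit, name in DRIVE_BITS if value & bit]


def parse_entry(line):
    """Parse one file/service entry line; None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()           # company is None when absent, "" when the log shows "()"
    path, sep, svc = d.pop("rest").partition(" -- (")
    d["path"] = path.strip()
    d["is_dir"] = d["attr"].endswith("D")
    sm = SERVICE_RE.match(svc) if sep else None
    d["service"] = sm.groupdict() if sm else None
    return d


def triage(lines):
    """Walk log lines and return (severity, message) findings in log order."""
    findings = []
    section = ""
    for raw in lines:
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        entry = parse_entry(line)
        if entry:
            # An empty "()" means no version-info company: not proof of malware,
            # but worth hashing and looking up before trusting the file.
            if not entry["is_dir"] and entry["company"] == "":
                findings.append(("info", f"no company/version info: {entry['path']}"))
            continue
        val = VALUE_RE.match(line)
        if not val:
            if line.endswith(" ()") and " -- " in line:       # BHO/toolbar style entry
                findings.append(("info", f"no company/version info: {line[:-3].rsplit(' -- ', 1)[-1]}"))
            elif "Autorun Files" in section and line.startswith("autorun.inf"):
                findings.append(("medium", f"autorun.inf with a launch command on a drive: {line}"))
            continue
        name, value = val.group("name"), val.group("value").strip()
        if "Run Keys" in section and value.endswith("File not found"):
            findings.append(("low", f"orphaned autostart {name}: {value}"))
        elif "AppInit_DLLs" in section and name.lower() == "appinit_dlls" and value:
            findings.append(("medium", f"AppInit_DLLs loads {value} into every user32 process; verify publisher"))
        elif "Winlogon" in section and name.lower() == "shell" and value.lower() != "explorer.exe":
            findings.append(("high", f"Winlogon Shell is not Explorer.exe: {value}"))
        elif "Winlogon" in section and name.lower() == "userinit" and not USERINIT_RE.fullmatch(value.lower()):
            findings.append(("high", f"Winlogon UserInit altered: {value}"))
        elif name == "ProxyEnable" and value != "0":
            findings.append(("medium", f"IE proxy enabled (ProxyEnable={value}); check ProxyServer"))
        elif name.lstrip("_") == "NoDriveTypeAutoRun":
            off = ", ".join(autorun_disabled_for(int(value)))
            findings.append(("info", f"{name}={value}: AutoRun disabled for {off}"))
    return findings


# Sample input: lines copied from the OTViewIt log above, with their section headers.
SAMPLE_LOG = r"""========== Driver Services ==========
[2004/12/16 15:32:54 | 00,013,304 | ---- | M] () -- I:\WINDOWS\System32\drivers\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
[2008/11/11 15:17:01 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\WINDOWS\System32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
========== (O2) BHO's ==========
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
========== (O4) Run Keys ==========
"AVG8_TRAY"=I:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
========== (O6 & O7) Current Version Policies ==========
"NoDriveTypeAutoRun"=255
========== (O20) AppInit_DLLs ==========
"AppInit_Dlls"=avgrsstx.dll
========== (O20) HKLM Winlogon Settings ==========
"Shell"=Explorer.exe
"UserInit"=I:\WINDOWS\system32\userinit.exe,
========== Autorun Files on Drives ==========
autorun.inf [[autorun] | open=setup.exe | ]
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG.splitlines()):
        print(f"[{severity:<6}] {message}")
```

Run it as a script to print the findings for the embedded sample, or feed it a saved OTViewIt.txt with `triage(open(path).read().splitlines())`. It deliberately does not flag "File not found" on service lines: in these logs that is mostly OTViewIt failing to resolve svchost-hosted services (DcomLaunch, Dnscache and the like), not a missing binary.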

Re: Help please, need to get rid of trogan
When I did the AVG, it said the trojan was in McAfee quarantine and it kept popping up in Ad-Aware.

Re: Help please, need to get rid of trogan
With the laptop, there is an MRU object that won't go away and I think it is associated with internet explorer.

Re: Help please, need to get rid of trogan
AVG said it was in McAfee quarantine? Then there is nothing to worry about; it's dead.
When you uninstalled McAfee, it probably took its stuff away with it, so it's gone now.
The MRU cache is like temporary files; use this to clean it.

Download ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Close ATF-Cleaner.exe.

Re: Help please, need to get rid of trogan
Both computers don't have any trace of the worm anymore?
