Avast WEBforum

Other => Viruses and worms => Topic started by: jbalcorn on January 16, 2008, 08:49:52 PM

Title: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 16, 2008, 08:49:52 PM

I am not in any way a computer expert, or even close and have found this with Avast.  It reccommends to move it but when the computer is restarted it comes up again.  Also I can not download anything off the internet like links I have found in previous discussions of this problem because when I hit the run button the computer restarts itself.  Please help and bear with me! :o
Thank you!

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: Lisandro on January 16, 2008, 08:57:45 PM

If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run SUPERantispyware (http://www.superantispyware.com) or Spyware Terminator (http://www.spywareterminator.com/). Some users recommend AVG Antispyware (http://www.ewido.net/en/) or a-squared (http://www.emsisoft.com/en/software/free/) (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5. If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest AVG (http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp) (for XP/Vista). For XP: Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx) (for XP).

6. Also, if you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, specially, scan and submit to on-line analysis the RunScanner (http://www.runscanner.net/) log would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or, which is better, the  Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 16, 2008, 09:06:03 PM

That doesn't sound good. Download and run these in the order posted. When downloaded use the save not the run button and save them to your desktop.

Download ComboFix from Here (http://subs.geekstogo.com/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.



Click here (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  
• Put a check by Create a desktop icon then click Next again.
  
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
  
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
  

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: Maxx_original on January 16, 2008, 09:33:28 PM

is the file located in C: root? if yes, then you can find some related topics here ;)

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 16, 2008, 09:49:55 PM

Quote from: Maxx_original on January 16, 2008, 09:33:28 PM

is the file located in C: root? if yes, then you can find some related topics here ;)

Uhh...Maxx, where is here?

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: Maxx_original on January 16, 2008, 10:10:37 PM

here = somewhere inside the forums :D

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: essexboy on January 16, 2008, 10:12:39 PM

 ;D ;D ;D

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 16, 2008, 11:54:11 PM

Thanks for your help.  I tried Tech suggestions and got to #4 and couldn't download the antispyware so I'm stuck there.  I started on oldman's suggestions and now how I post the logs?  Cut and paste?  They are pretty long.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: Lisandro on January 17, 2008, 12:55:52 AM

Quote from: jbalcorn on January 16, 2008, 11:54:11 PM

how I post the logs?  Cut and paste?  They are pretty long.

Yes. Divide them into pieces.
Some infections could avoid the download of antimalware tools... this is why step 4 failed...

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:05:43 AM

ComboFix 08-01-17.3 - Owner 2008-01-16 17:38:52.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.431 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\01KL4567\ComboFix[1].exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\WUEJ2PAB\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\WUEJ2PAB\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\WUEJ2PAB\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\internet explorer\msimg32.dll
C:\temp\tn3

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:07:39 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\dirty_dishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\foodtray.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\heart1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\heart2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\heart3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\mop_prop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\music\cafe\cafe_music_a4.ogg

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:08:29 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\baby_cry.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\chef_cook1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\closing_time.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\customer_ditch.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\dialog_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\dialog_up.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\drink_table.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\expert.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\highchair_deliver.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\highchair_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\keystroke2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\level_lose.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\level_win.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\menu_click.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\menu_rollover.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\mop_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\mop_spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_menu_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_party_arrive_1_snd.ogg

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:09:31 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\table_drink.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\audio\sfx\tip_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\fullscreendialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\high_score_menu_bg.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\levelintro.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\levelover.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\longdialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\longdialog.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\mainmenu_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\popup.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\backgrounds\upgrade_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\arrowdown_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\arrowdown_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\arrowdown_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\arrowup_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\arrowup_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\arrowup_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\checkbox_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\checkbox_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\checkbox_rotated_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\checkbox_rotated_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\decor_highlight.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\decor_normal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\decor_selected.png

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:10:08 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a_large_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a_large_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a_large_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a_small_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a_small_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a_small_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\dialog_button_a3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\left_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\left_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\left_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\main_menu_button1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\main_menu_button1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\main_menu_button1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\main_menu_button1_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\main_menu_button2_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\main_menu_button2_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\main_menu_button2_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\main_menu_button2_mask.png

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:10:35 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\map_button_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\map_button_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\map_button_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\right_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\right_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\right_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\upgrade_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\buttons\welcome_player.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\config\actionpoints.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\config\career.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\config\customer.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\config\endless.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\config\global.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\config\powerups.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\dad_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\dad_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\dad_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\dad_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\dad_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\dad_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\dad_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\kid_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\kid_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\kid_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\kid_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\kid_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\kid_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\kid_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\baby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\baby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\blue_baby.pal

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:11:01 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\red_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\mom_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\young_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\young_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\young_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\young_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\young_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\young_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\customers\young_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\flo\idle.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\flo\lower.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\flo\upper.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\fonts\mercurius.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\blue_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\chair.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\dishcart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\green_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\highchair_prop_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\highchair_prop_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\highchairbaby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\highchairbaby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\luxury_bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\luxury_bench.png

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:11:25 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\mop_station_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\mop_station_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\mop_station_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\podium.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\podium_heart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\podium_heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\purple_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\radio.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\red_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\spill.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\spill.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\ticketstation.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\furniture\yellow_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\family.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help_dividerline.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help1_colormatch1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help1_colormatch2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help1_noise.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help1_score.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help2_cleardishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help2_givecheck.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help2_pickupfood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help2_servefood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\help\help2_takeorder.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\hiscore\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\career_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\career_1_2.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\career_1_3.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\career_1_4.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\career_1_5.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\career_1_6.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\endless_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\endless_1_1_a.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\endless_1_1_b.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\layouts\endless_1_1_c.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\playfirstlogo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\chairs\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\chairs\green.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\chairs\green.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\chairs\grey.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\chairs\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\food\cup1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\food\food.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\food\food.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\frames\2_0.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\furniture\drinkstation1_b.png

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:11:54 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\careerupgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\closeconfirm.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\entername.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\getmoregames.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\help1.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\angersmoke.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\bubbles\request_mop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\chairflags.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\coinflip.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\decor_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\expert.png

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:12:17 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\foodpoof.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\heartgrow.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\jar.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\lives_icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\noisering.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\notes\music_boost_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\notes\music_boost_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\notes\music_boost_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\notes\music_boost_d.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\notes\music_boost_e.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\notes\music_boost_f.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\tablenumber_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\tablenumber_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\ui_base.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\ui_hand.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\ui_timer_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\ui_timer_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_powerbars_c.png

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:12:43 AM

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\upsell\dd1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\upsell\dd2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\upsell\dd3.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\assets\upsell\dd4.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.43\dinerdash2.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\RunOnce1.t__
C:\WINDOWS\system32\RunOnce1.tm_
C:\WINDOWS\system32\RunOnce2.t__
C:\WINDOWS\system32\RunOnce2.tm_
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2007-12-17 to 2008-01-17  )))))))))))))))))))))))))))))))
.

2008-01-16 17:38 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-16 16:13 . 2008-01-16 16:13   <DIR>   d--------   C:\Program Files\IObit
2008-01-15 11:34 . 2008-01-15 11:34   <DIR>   d--------   C:\Program Files\Viewpoint
2008-01-14 22:24 . 2008-01-14 22:24   290   --a------   C:\WINDOWS\_delis43.ini
2008-01-14 22:19 . 2008-01-14 22:27   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-14 22:18 . 2008-01-14 22:19   <DIR>   d--------   C:\Program Files\Speed Disk
2008-01-14 22:17 . 2008-01-14 22:17   <DIR>   d--------   C:\Program Files\Symantec
2008-01-14 22:17 . 2008-01-16 16:12   <DIR>   d--------   C:\Program Files\Norton Utilities
2008-01-14 22:17 . 2008-01-14 22:27   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-01-14 22:17 . 2008-01-14 22:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-14 22:17 . 2006-08-25 10:45   617,472   --a------   C:\WINDOWS\system32\COMCTL32.NU6
2008-01-14 22:17 . 2001-06-22 06:52   120,379   --a------   C:\WINDOWS\system32\SYMEVNT.386
2008-01-14 22:17 . 2001-06-22 06:52   57,664   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-14 22:17 . 2001-06-22 06:52   36,864   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-14 22:17 . 2001-08-10 06:00   34,354   --a------   C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2008-01-14 22:17 . 2001-08-10 06:00   31,744   --a------   C:\WINDOWS\system32\S32STAT.DLL
2008-01-14 22:17 . 2001-06-22 06:52   4,032   --a------   C:\WINDOWS\system32\SYMEVNT1.DLL
2008-01-14 18:46 . 2008-01-14 18:46   <DIR>   d--------   C:\Program Files\Windows Defender
2008-01-10 15:28 . 2008-01-10 15:28   <DIR>   d--------   C:\Program Files\Samsung Electronics
2008-01-10 15:13 . 2008-01-10 15:13   241,664   --a------   C:\WINDOWS\system32\GSBN.ocx
2008-01-10 15:13 . 2008-01-10 15:13   49,152   --a------   C:\WINDOWS\system32\FileupCtl.ocx
2008-01-10 15:12 . 2008-01-10 15:13   1,909,936   --a------   C:\WINDOWS\system32\FPSPR70.ocx
2008-01-10 15:12 . 2008-01-10 15:26   876   --a------   C:\WINDOWS\PSI3_Operation.ini
2008-01-05 00:04 . 2008-01-05 00:04   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-01-04 14:30 . 2008-01-04 14:30   314   --a------   C:\WINDOWS\SWWATER.INI
2008-01-03 21:56 . 2008-01-03 22:24   <DIR>   d--------   C:\_rpcs
2007-12-26 19:22 . 2007-10-09 13:42   745,547   --a------   C:\WINDOWS\system32\Magentic Screensaver.scr
2007-12-24 13:26 . 2007-12-24 13:26   <DIR>   d--------   C:\Program Files\mypoints
2007-12-24 13:26 . 2007-12-24 13:32   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\mypoints

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:13:13 AM

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:16   ---------   d-----w   C:\Program Files\XoftSpySE
2008-01-16 21:12   ---------   d-----w   C:\Program Files\Visual Rental Pro
2008-01-16 18:35   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\avg7
2008-01-16 06:47   ---------   d-----w   C:\Program Files\THQ
2008-01-16 06:46   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-16 06:44   ---------   d-----w   C:\Program Files\Google
2008-01-15 02:59   ---------   d-----w   C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-15 02:32   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Move Networks
2008-01-14 23:16   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-27 00:22   ---------   d-----w   C:\Program Files\Magentic
2007-12-22 23:47   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2007-12-02 18:47   ---------   d-----w   C:\Program Files\ThreatFire
2007-12-02 16:45   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-02 16:45   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-02 16:35   ---------   d-----w   C:\Program Files\LIUtilities
2007-12-02 16:34   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-12-02 16:28   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PC Tools
2007-11-07 09:26   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:35   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-27 22:39   228,864   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-08-17 13:49   1,776   ----a-w   C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:13:40 AM

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-02 15:31   1909248   --a------   C:\PROGRA~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{A057A204-BACC-4D26-CEC4-75A487FD6484}

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= C:\PROGRA~1\mypoints\mypoints.dll [2007-10-02 15:31 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-10-30 15:27 715888]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-10-09 13:42 475180]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-25 22:30 50776]
"Washer"="C:\Program Files\Washer\washer.exe" [2002-08-15 03:07 428544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32 7204864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-31 22:53 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 07:16 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-02 11:45 219136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-12-14 20:16:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:19:20 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:47 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:19:47 AM

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.samsung-emp.com
O15 - Trusted Zone: *.samsunggsbn.com
O15 - Trusted Zone: *.samsungwireless.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.crsdata.net/maps/install/mgaxctrlv65.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerdash2/dinerdash2.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.24.24/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {E463DD62-1D07-425E-B82A-539FBA2F4162} (GSBN_Updater.UserControl1) - http://www.samsunggsbn.com/PSI3/Cab/GSBN_Updater.CAB
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10764 bytes

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:21:41 AM

Here is--== Dump Hidden File on C:\ ==--
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014205.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014206.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014207.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014208.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014209.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014210.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014211.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014212.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014213.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014214.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014215.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014217.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014218.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014219.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0 what the root kit found too.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:22:15 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014220.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014221.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014222.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014223.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014224.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014225.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014226.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014227.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014228.PDF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014229.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014230.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014231.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014232.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014233.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014234.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014235.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014236.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014237.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014238.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014239.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014240.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014241.zip
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014242.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014243.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014244.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014245.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014246.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014247.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014248.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014249.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014250.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014251.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014252.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014253.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014254.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014255.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014256.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014257.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014258.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014259.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014260.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014261.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014262.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014263.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014264.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014265.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014266.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014267.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:22:55 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014268.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014269.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014270.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014271.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014272.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014273.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014274.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014275.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014276.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014277.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014278.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014279.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014280.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014281.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014282.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014283.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014284.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014285.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014286.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014287.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014288.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014289.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014290.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014291.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014292.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014293.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014294.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014295.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014296.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014297.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014298.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014299.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014300.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014301.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:23:50 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014302.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014303.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014304.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014305.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014306.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014307.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014308.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014309.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014310.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014311.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014312.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014313.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014314.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014315.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014316.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014317.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014318.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014319.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014320.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014321.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014322.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014323.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014324.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014325.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014326.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014327.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014328.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014329.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014330.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014331.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014332.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014333.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014334.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014335.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014336.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014337.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014338.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014339.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014340.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014341.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014342.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014343.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014344.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014345.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:24:40 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014362.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014363.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014364.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014365.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014366.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014367.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014368.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014369.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014370.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014371.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014372.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014373.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014374.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014375.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014376.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014377.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014378.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014379.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014380.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014381.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014382.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014383.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014384.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014385.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014386.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014387.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014388.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014389.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014390.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014391.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014392.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014393.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014394.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014395.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014396.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014397.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014398.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014399.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014400.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014401.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014402.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014403.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:25:15 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014404.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014405.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014406.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014407.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014408.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014409.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014410.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014411.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014412.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014413.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014414.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014415.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014416.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014417.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014418.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014419.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014420.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014421.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014422.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014423.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014424.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014425.eml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014426.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014428.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014429.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014430.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014431.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014432.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014433.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014434.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014437.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014439.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014441.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014442.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014443.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014444.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014445.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014446.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014447.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014448.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014450.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014451.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014454.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014456.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014457.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014459.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:25:55 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014460.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014463
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014464
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014466.CLS
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014473.CLS
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014478
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014479.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014484.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014486.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014487.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014488.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014489.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014490.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014492.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014495.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014496.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014497.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014499.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014500.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014503.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014504.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014505.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014506.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014508.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014509.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014512.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:26:45 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014558.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014559.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014560.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014562.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014564.imh
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014565.imm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014566.imh
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014567.imm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014568.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014569.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014571.IMB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014572.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014588.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014589.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014590.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014591.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014595.IMB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014596.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014601.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014602.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014603.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014604.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014605.INI
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014606.box
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014607
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014608
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014609
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014610
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014611.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014612.box
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014613.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014614.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014615.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014617.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014618.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:27:10 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014620.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014621.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014622.INI
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014623.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014626
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014627
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014629.ME
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014630.MM
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014631.ME-
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014632.ME-
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014633.MM-
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014634.ME-
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014635.ME
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014636.MM
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014637.mb
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014638.mbb
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014641.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014646.TXT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014647.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014648.SOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014649.SOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014650.SOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014651.SOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014652.SOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014654.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014661.OLD
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014662.OLD
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014663.OLD
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014664.OLD
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014665.OLD
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014666.GID
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014667.BAC
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014668.BAC
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014669.BAC
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014670.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014671.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014672.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014673.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014674.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014675.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014676.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014677.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014678.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014679.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:27:31 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014680.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014681.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014682.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014683.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014684.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014685.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014686.!!!
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014687.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014690.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014691.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014693.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014694.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014695.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014696.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014697.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014698.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014699.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014700.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014701.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014702.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014703.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014704.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014705.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014706.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014707.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014708.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014709.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014710.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014711.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014712.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014713.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014714.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014715.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014716.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014717.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014718.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014719.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014720.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014721.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014722.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014723.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014724.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014725.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014726.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014727.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:28:08 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014728.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014729.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014730.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014731.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014732.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014733.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014734.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014735.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014736.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014737.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014738.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014739.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014740.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014741.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014742.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014743.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014744.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014745.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014746.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014747.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014748.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014749.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014750.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014751.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014752.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014753.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014754.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014755.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014756.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014757.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014758.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014759.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014760.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:28:55 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014782.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014783.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014784.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014785.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014786.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014787.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014788.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014789.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014790.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014791.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014792.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014793.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014794.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014795.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014796.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014797.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014798.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014799.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014800.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014801.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014802.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014803.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014804.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014805.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014806.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014807.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014808.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014809.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014810.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014811.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014812.PF
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x2020
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014814.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014815.JOB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014816.exe
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014817.DLL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014818.exe
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:30:00 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014819.chm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014820.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014821.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014822.xml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014823.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014824.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014825.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014826.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014827.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014828.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014829.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014830.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014831.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014832.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014833.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014834.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014835.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014836.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014837.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014838.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014839.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014840.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014841.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014842.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014843.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014844.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014845.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014846.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014847.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014848.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014849.lnk
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014850.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014851.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014852.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014853.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014854.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014855.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014856.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014857.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014858.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:30:39 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014859.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014860.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014861.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014862.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014863.lnk
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014864.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014865.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014866.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014867.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014868.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014869.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014870.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014871.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014872.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014873.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014874.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014875.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014876.REG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014877.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014878.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014879.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014880.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014881.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014882.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014883.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014884.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014885.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014886.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014887.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014888.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014889.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014890.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014891.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014892.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014893.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014894.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014895.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014896.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014897.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014898.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014899.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014900.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014901.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014902.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014903.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014904.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014905.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014906.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014907.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:31:02 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014908.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014909.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014910.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014911.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014912.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014913.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014914.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014915.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014916.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014917.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014918.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014919.log
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014920.ZIP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014921.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014922.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014923.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014924.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014925.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014926.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014927.xml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014928.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014929.css
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014930.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014931.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014932.XML
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014933.css
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014934.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014935.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014936.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014937.dll
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014938.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014939.lnk
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014940.job
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014941.lnk
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014942.lnk
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014943.JOB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014944.JOB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014945.EXE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014946.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014947.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014949.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014950.exe
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014951.ico
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014952.DLL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014953.db
   FullPathLength: 32
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014954.dll
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014955.DLL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014956.css
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:31:37 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014957.gif
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014958.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014959.bmp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014960.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014961.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014962.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014963.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014964.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014965.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014966.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014967.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014968.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014969.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014970.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014971.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014972.bmp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014973.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014974.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014975.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014976.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014977.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014978.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014979.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014980.BMP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014981.GIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014982.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014983.gif
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014984.bmp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014985.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014986.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014987.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014988.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014989.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014990.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014991.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014992.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014993.htm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00014994.XML
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:32:27 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015013.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015014.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015015.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015016.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015017.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015018.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015019.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015020.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015021.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015022.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015023.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015024.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015025.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015026.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015027.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015028.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015029.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015030.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015031.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015032.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015033.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015034.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015035.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015036.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015037.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015038.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015039.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015040.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015041.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015042.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015043.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015044.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015045.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015046.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015047.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015048.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015049.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015050.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015051.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015052.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015053.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015054.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015055.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:33:03 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015056.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015057.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015058.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015059.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015060.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015061.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015062.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015063.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015064.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015065.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015066.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015067.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015068.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015069.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015070.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015071.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015072.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015073.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015074.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015075.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015076.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015077.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015078.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015079.SVN
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015081
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015082.tlv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015083
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015084
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015085
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015086
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015087
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015088
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015089
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015090
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015091
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015092
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015093
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015094
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015095
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015096
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015097
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015098
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015099
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:33:59 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015113
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015114
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015115
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015116
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015117
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015118
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015119
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015120
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015121
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015122
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015123
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015124
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015125
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015126
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015127
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015128
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015129
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015130
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015131
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015132
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015133
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015134
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015135
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015136
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015137
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015138
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015139
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015140
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015141
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015142
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015143
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015144
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015145
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015146
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015147
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015148
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015149
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015150
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015151
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015152
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:34:20 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015153
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015154
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015155
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015157.box
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015159
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015160
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015161.CRM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015167
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015168
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015171.XML
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015175.edb
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015178
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015179
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015183.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015184.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015185.reg
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015190.JOB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x22
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015194.dll
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015195.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015196.dll
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015222.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015223.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015224.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015225.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015226.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015227.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015228.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015229.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015230.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015231.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015232.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015233.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015234.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015235.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015236.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015237.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015238.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015239.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015240.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015241.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015242.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015243.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015244.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015245.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015246.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015247.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:34:52 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015248.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015249.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015250.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015251.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015252.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015253.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015254.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015255.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015256.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015257.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015258.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015259.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015260.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015261.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015262.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015263.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015264.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015265.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015266.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015267.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015268.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015269.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015270.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015271.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015272.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015273.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015274.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015275.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015276.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015277.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015278.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015279.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015280.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:35:46 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015299.BCK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015300.log
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015301.edb
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015303.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015304.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015314.IMB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015315.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015319
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015320
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015321
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015322
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015323
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015324
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015325
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015332.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015333.vpu
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015334.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015335.vpu
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015336.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015337.vpu
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015338.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015339.vpu
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015340.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015341.vpu
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015342.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015343.vpu
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015344.VPU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015345
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015347
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015348
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015349
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015350
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015394.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015395.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015396.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015397.ini
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015398.INI
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015400
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015401
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015403
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015404
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015405.CRM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015413.XML
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015416
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:36:49 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015582.CFU
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015583.RE5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015584.re5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015585.re5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015586.re5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015587.re5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015588.re5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015589.re5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015590.re5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015591.RE5
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015592.sed
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015593.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015594.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015595.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015596.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015597.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015598.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015599.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015600.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015601.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015602.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015603.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015604.FOL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015606.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015608
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015621.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015624.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015628.SYS
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015629
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015630
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015633
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015634
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015635
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015637.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015640.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015663.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015664.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015665.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015666.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015667.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015670.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015671.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015672.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015673.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015674.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:37:11 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015675.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015676.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015677.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015678.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015679.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015680.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015689
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015692
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015697
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015698
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015699
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015701
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015702.edb
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015704
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015705
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015706
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015707
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015708
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015709
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015711.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015713.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015714
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015715
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015716
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015717
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015723
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015724
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015725
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015731
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015732
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015733
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015734.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015738.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015739.bad
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015740.BAD
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015741.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015751
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015752
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015753
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015754.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015755.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015756.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015757.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015758.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015759.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015760.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015763
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:37:45 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015764.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015765.reg
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015766.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015767.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015768.reg
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015769.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015770
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015772
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015773
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015774
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015775
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015778
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015779
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015785
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015789
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015790
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015794.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015795
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015796
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015797
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015799.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015801
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015802.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015803
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015804
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015805
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015806.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015807
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015808
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015809.sed
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015810
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015811
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015812
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015813
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015815.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015816
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015817
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015818
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015819
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015820
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:38:29 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015837
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015838
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015839
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015841
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015842
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015843
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015844
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015845
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015846
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015847
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015848
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015849
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015850
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015851
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015852
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015853
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015854
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015855.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015856
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015857
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015858
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015859.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015860.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015861
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015862
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015863
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015864
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015865
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015866
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015867
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015868
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015869.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015870
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015873
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015874
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015875
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015876
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015877
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015878
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015879
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015880
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:38:50 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015881
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015882
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015883
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015884
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015885
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015886
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015887
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015888
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015889
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015890
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015891
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015892
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015894.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015895.hiv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015896.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015898.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015899.hiv
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015900.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015902.CAB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015911.cab
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015919.cab
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015920.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015937
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015938
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015939
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015942
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015943
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015946
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015948
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015949
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015951
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015952
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015953
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015957
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015960.old
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015961.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015962.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015963.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015964.old
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015966.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015967.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015968.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015969.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015970.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015972.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015973
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00015974.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:40:11 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016015.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016016.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016017.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016018.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016019
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016020.txt
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016021.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016022.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016023.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016024.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016025.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016026.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016027.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016028.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016029.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016030.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016031.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016032.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016033.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016034.sed
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016035.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016036.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016037.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016038.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016039.bat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016040.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016041.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016042.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016043.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016044.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016045.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016046.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016047.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016048.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016049.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016050.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016051.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016052.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016053.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016054.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016055.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016056.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:40:41 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016057.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016058.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016059.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016060.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016061.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016062.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016063.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016064.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016065.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016066.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016067.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016068.CFE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016079.rbs
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016080.rbs
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016081.ipi
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016083.DIC
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x22
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016084.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016085.LNK
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016086.DOC
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x22
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016087.dot
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x22
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016092.edb
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016093.JPG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016135.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016136.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016137.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016138.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016139.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016140.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016141.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016142.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016143.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:41:02 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016144.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016145.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016146.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016147.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016148.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016149.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016150.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016151.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016152.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016153.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016154.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016155.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016156.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016157.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016158.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016159.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016160.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016161.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016162.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:41:43 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016165.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016167.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016174.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016177.imh
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016178.imm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016179.imh
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016180.imm
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016182.IMB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016183.DAT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016184.HTM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016185.IMH
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016186.IMM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016189.TXT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016190.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016191.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016192.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016193.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016194.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016195.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016196.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016197.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016198.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016199.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016200.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016201.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016202.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016203.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016204.BPL
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016205.bpl
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016206.bpl
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016207.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016208.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016209.sdp
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016210.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016211.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016212.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016213.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016214.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016215.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016216.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016217.SDP
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016218.xml
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016219.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016220.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016221.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016222.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016223.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016224.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:42:10 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016225.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016226.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016227.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016228.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016229.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016230.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016231.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016232.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016233.CHM
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016234.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016235.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016236.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016237.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016238.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016239.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016240.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016241.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016242.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016243.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016244.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016245.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016246.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016247.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016248.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016249.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016250.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016251.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016252.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016253.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016254.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016255.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016256.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016257.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016258.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016259.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016260.LNG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016261.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016262.lng
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016263.dat
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:43:12 AM

[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016264.DIF
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016265.bin
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016266.wav
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016267.dll
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016268.dll
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016270.SYS
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016273.h
   FullPathLength: 31
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016280.EDI
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016281.EDI
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016282.EXE
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016285
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016286
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016287.box
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016288.XML
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016289.ind
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016316
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016317
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016319.INI
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016320.INI
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016321
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016322
   FullPathLength: 29
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016324.JOB
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x22
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016331.edb
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016333.RGT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x22
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\00016334.2MT
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
[HIDDEN_FILE]:
   FullPath      : C:\RECYCLER\NPROTECT\NPROTECT.LOG
   FullPathLength: 33
   DesiredAccess : 0x0
   Options       : 0x0
   Attributes    : 0x20
   ShareAccess   : 0x0
   Type          : 0x0
 1501 hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 01:53:52 AM

Whoa,doesn't that norton add up?    ;D  that's the  C:\RECYCLER\NPROTECT

And it looks like norton is gone, so you can get rid of those files.

Click start, click run, type cmd, click ok

In the black window type this line and hit enter. After it's done type exit to close the window.

rd /S "\\?\C:\recycler\nprotect"

note there is one space on each side of the /S  and the " " have to be used.


While you are doing, I'll have a look at the logs.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 02:01:12 AM

Hold off on that for 1 minute. How many av's do yu have, I'm now seeing 3

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 02:15:59 AM

What's an AV?

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 02:29:01 AM

Anti virus programs. I see avast, avg and part of Norton. That's what all those files where.  C:\RECYCLER\NPROTECT are a part of norton.

Did you have norton before and uninstall it? And if you did, did you use their removal tool?

Is there any improvement at your end? I will be missing for a bit, got a job to right now, but will be back.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 02:40:36 AM

Yes, I did have Norton, switched to AVG, then to Avast.  I had gotten rid of Norton (or thought so), when Avast found the virus I tried the AVG to see if it would do anything since Avast kept saying the same thing everytime we started the computer over. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 03:21:41 AM

Let's try to disable the service.

First go to add/remove programs and see if there is anything related to norton or Norton Utilities. If there is uninstall it. Then do the steps in my previous post. post #57

http://forum.avast.com/index.php?topic=32733.msg273813#msg273813

If there is nothing in add remove disable the sevice then remove the files.

Click the Start button, then click Run.  In the empty field type services.msc and click OK.

In the window that opens locate Norton Unerase Protection (NProtectService)  and double clcik it.  On the General Tab find the section titled Startup Type.  Drop that down and select Disabled.  Click OK



you should only have one anti virus program installed at one time.

Check the avast log for the exact location and file name that was detected.

Open windows explorer and navigate the this folder

C:\program files\alwil software\avast4\data\logs

(easier to read there)

click on th logs folder and then in the right hand panel right click the warning log and open it with notepad. Now you will be able to see the entire detection. Please post the path and file name.

ps: when those files are gone you will have freed up a fair bit of space.


edit to add; there is some of the combofix log missing, it ends with this entry

HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

could you please post anything else that was in the log?

There should be som lines starting with R1 or S1

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 03:55:16 AM

8/28/2007   9:03:43 PM   1188349423   Owner   1872   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file.  
8/28/2007   9:05:39 PM   1188349539   Owner   1872   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file.  
8/28/2007   9:06:20 PM   1188349580   Owner   1872   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\documents and settings\owner\ie_updater(2).exe\[FSG]" file.  
8/28/2007   9:06:20 PM   1188349580   Owner   1872   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\DOCUME~1\owner\IE_UPD~1.EXE\[FSG]" file.  
8/28/2007   9:16:06 PM   1188350166   Owner   1872   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\WINDOWS\SYSTEM32\MSNETAX.DLL" file.  
8/28/2007   10:01:36 PM   1188352896   Owner   2808   Sign of "Win32:Klez-H [Wrm]" has been found in "E:\Old\Removers\older\RMELKNT.EXE\[UPX]" file.  
8/28/2007   10:02:03 PM   1188352923   Owner   2808   Sign of "Win32:Klez-H [Wrm]" has been found in "E:\Old\Removers\rmelknt.exe\[UPX]" file.  
8/28/2007   10:03:13 PM   1188352993   Owner   2808   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file.  
8/28/2007   10:09:14 PM   1188353354   Owner   2808   Sign of "Win32:Agent-GQF [trj]" has been found in "C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J39180.8528649421.WCU" file.  
8/28/2007   10:10:31 PM   1188353431   Owner   2808   Sign of "Java:ClassLoader [trj]" has been found in "C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\3cd9d33a-6518c13b" file.  
8/28/2007   10:11:38 PM   1188353498   Owner   2808   Sign of "Java:ClassLoader [trj]" has been found in "C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-1afb441-704ed99b.zip" file.  
8/28/2007   10:12:06 PM   1188353526   Owner   2808   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\Documents and Settings\Owner\ie_updater(2).exe\[FSG]" file.  
8/28/2007   10:31:21 PM   1188354681   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine01052007-193828.xpy" file.  
8/28/2007   10:31:30 PM   1188354690   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine03072007-193521.xpy" file.  
8/28/2007   10:31:33 PM   1188354693   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine04082007-075739.xpy" file.  
8/28/2007   10:31:35 PM   1188354695   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine05052007-093851.xpy" file.  
8/28/2007   10:31:37 PM   1188354697   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine05062007-150032.xpy" file.  
8/28/2007   10:31:39 PM   1188354699   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine07052007-133517.xpy" file.  
8/28/2007   10:31:41 PM   1188354701   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine07062007-090622.xpy" file.  
8/28/2007   10:31:42 PM   1188354702   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine07072007-094055.xpy" file.  
8/28/2007   10:31:45 PM   1188354705   Owner   2808   Sign of "Win32:Surfside [Adw]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine08042007-203000.xpy" file.  
8/28/2007   10:31:47 PM   1188354707   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine08052007-073659.xpy" file.  
8/28/2007   10:31:49 PM   1188354709   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine09062007-105250.xpy" file.  
8/28/2007   10:31:52 PM   1188354712   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine10072007-090805.xpy" file.  
8/28/2007   10:31:54 PM   1188354714   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine11082007-092238.xpy" file.  
8/28/2007   10:31:56 PM   1188354716   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine12062007-091707.xpy" file.  
8/28/2007   10:32:00 PM   1188354720   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine14072007-094902.xpy" file.  
8/28/2007   10:32:01 PM   1188354721   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine15052007-153309.xpy" file.  
8/28/2007   10:32:03 PM   1188354723   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine17042007-072411.xpy" file.  
8/28/2007   10:32:05 PM   1188354725   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine19062007-101929.xpy" file.  

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 03:55:45 AM

8/28/2007   10:32:06 PM   1188354726   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine19062007-141749.xpy" file. 
8/28/2007   10:32:08 PM   1188354728   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine20070811-094537.xpy" file. 
8/28/2007   10:32:10 PM   1188354730   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine21072007-111756.xpy" file. 
8/28/2007   10:32:11 PM   1188354731   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-151200.xpy" file. 
8/28/2007   10:32:13 PM   1188354733   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-152513.xpy" file. 
8/28/2007   10:32:14 PM   1188354734   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-152846.xpy" file. 
8/28/2007   10:32:15 PM   1188354735   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-152933.xpy" file. 
8/28/2007   10:32:17 PM   1188354737   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-152946.xpy" file. 
8/28/2007   10:32:18 PM   1188354738   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-153000.xpy" file. 
8/28/2007   10:32:21 PM   1188354741   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine24042007-073505.xpy" file. 
8/28/2007   10:32:22 PM   1188354742   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine24072007-085211.xpy" file. 
8/28/2007   10:32:24 PM   1188354744   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine26062007-103022.xpy" file. 
8/28/2007   10:32:26 PM   1188354746   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28042007-081807.xpy" file. 
8/28/2007   10:32:28 PM   1188354748   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-082422.xpy" file. 
8/28/2007   10:32:29 PM   1188354749   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-082509.xpy" file. 
8/28/2007   10:32:31 PM   1188354751   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-082950.xpy" file. 
8/28/2007   10:32:32 PM   1188354752   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-083030.xpy" file. 
8/28/2007   10:32:33 PM   1188354753   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-083439.xpy" file. 
8/28/2007   10:32:34 PM   1188354754   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-221916.xpy" file. 
8/28/2007   10:32:36 PM   1188354756   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28072007-103112.xpy" file. 
8/28/2007   10:32:37 PM   1188354757   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine29052007-151602.xpy" file. 
8/28/2007   10:32:38 PM   1188354758   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine30062007-083146.xpy" file. 
8/28/2007   10:32:40 PM   1188354760   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine31072007-092300.xpy" file. 
8/28/2007   10:39:23 PM   1188355163   Owner   2808   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP457\A0098990.exe\[FSG]" file. 
8/28/2007   10:45:01 PM   1188355501   Owner   2808   Sign of "Win32:Bancos-AJI [trj]" has been found in "C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20070415-230410-00.hdmp" file. 
8/28/2007   10:46:02 PM   1188355562   Owner   2808   Sign of "Win32:Small-DJF [trj]" has been found in "C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20070415-230424-00.hdmp" file. 
8/28/2007   10:48:08 PM   1188355688   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\WINDOWS\system32\msnetax.dll" file. 
8/28/2007   11:27:16 PM   1188358036   Owner   1788   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 03:56:19 AM

8/30/2007   12:11:36 PM   1188490296   Owner   1784   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
8/31/2007   4:13:09 PM   1188591189   Owner   1784   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
8/31/2007   4:13:10 PM   1188591190   Owner   1784   An error has occured while attempting to update. Please check the logs. 
8/31/2007   7:43:06 PM   1188603786   SYSTEM   1772   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/3/2007   12:11:24 AM   1188792684   Owner   1796   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/4/2007   12:16:02 PM   1188922562   Owner   1796   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
9/4/2007   12:16:03 PM   1188922563   Owner   1796   An error has occured while attempting to update. Please check the logs. 
9/4/2007   4:22:07 PM   1188937327   Owner   1796   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
9/4/2007   4:22:08 PM   1188937328   Owner   1796   An error has occured while attempting to update. Please check the logs. 
9/4/2007   4:52:39 PM   1188939159   SYSTEM   1744   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/8/2007   12:00:34 PM   1189267234   SYSTEM   1768   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/10/2007   7:45:41 PM   1189467941   SYSTEM   1764   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/12/2007   10:09:51 AM   1189606191   SYSTEM   1748   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/14/2007   7:32:37 PM   1189812757   SYSTEM   1800   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/15/2007   5:47:02 PM   1189892822   Owner   1776   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/29/2007   1:09:45 AM   1191042585   Owner   1628   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/29/2007   10:24:26 AM   1191075866   SYSTEM   1800   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 03:56:55 AM

10/9/2007   11:48:00 AM   1191944880   SYSTEM   1800   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1467.nls" file. 
10/9/2007   3:15:53 PM   1191957353   Owner   1636   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
10/10/2007   3:12:44 AM   1192000364   Owner   1772   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
10/12/2007   11:59:37 PM   1192247977   Owner   1772   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
10/23/2007   9:54:41 PM   1193190881   Owner   1772   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/23/2007   9:54:41 PM   1193190881   Owner   1772   An error has occured while attempting to update. Please check the logs. 
10/24/2007   3:35:49 AM   1193211349   SYSTEM   1764   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/24/2007   3:35:52 AM   1193211352   SYSTEM   1764   An error has occured while attempting to update. Please check the logs. 
10/24/2007   3:38:25 AM   1193211505   SYSTEM   1764   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
10/24/2007   9:06:40 AM   1193231200   SYSTEM   1760   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/24/2007   9:06:42 AM   1193231202   SYSTEM   1760   An error has occured while attempting to update. Please check the logs. 
10/24/2007   9:09:16 AM   1193231356   SYSTEM   1760   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
10/24/2007   1:07:22 PM   1193245642   SYSTEM   1760   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/24/2007   1:07:24 PM   1193245644   SYSTEM   1760   An error has occured while attempting to update. Please check the logs. 
10/24/2007   7:05:53 PM   1193267153   SYSTEM   1760   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/24/2007   7:05:54 PM   1193267154   SYSTEM   1760   An error has occured while attempting to update. Please check the logs. 
10/25/2007   9:47:47 AM   1193320067   SYSTEM   1760   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/25/2007   9:47:48 AM   1193320068   SYSTEM   1760   An error has occured while attempting to update. Please check the logs. 
10/25/2007   11:19:58 AM   1193325598   SYSTEM   1680   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/25/2007   11:19:58 AM   1193325598   SYSTEM   1680   An error has occured while attempting to update. Please check the logs. 
10/25/2007   11:22:39 AM   1193325759   SYSTEM   1680   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
10/25/2007   3:41:35 PM   1193341295   SYSTEM   1680   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/25/2007   3:41:35 PM   1193341295   SYSTEM   1680   An error has occured while attempting to update. Please check the logs. 
10/25/2007   9:26:50 PM   1193362010   SYSTEM   1748   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/25/2007   9:26:50 PM   1193362010   SYSTEM   1748   An error has occured while attempting to update. Please check the logs. 
10/25/2007   9:29:32 PM   1193362172   SYSTEM   1748   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
10/26/2007   9:06:42 AM   1193404002   SYSTEM   1748   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/26/2007   9:06:43 AM   1193404003   SYSTEM   1748   An error has occured while attempting to update. Please check the logs. 
10/29/2007   4:48:39 PM   1193690919   SYSTEM   1760   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 03:57:23 AM

11/5/2007   5:35:57 PM   1194302157   SYSTEM   1624   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/5/2007   8:46:27 PM   1194313587   Owner   1804   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/15/2007   3:47:33 AM   1195116453   Owner   1764   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/21/2007   3:26:55 PM   1195676815   Owner   1764   Sign of "Win32:Warezov-CVN [Wrm]" has been found in "Incoming email '*****SPAM***** Your Information.' From: sharon carter <sharon.carter@megaman.com>, To: mgalcorn@greatsmokyrentals.com\PartNo_1#84045556\access.exe#396025373" file. 
11/25/2007   4:08:41 PM   1196024921   SYSTEM   1772   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/30/2007   8:53:18 PM   1196473998   Owner   1740   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/30/2007   9:18:20 PM   1196475500   Owner   1752   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/30/2007   11:09:18 PM   1196482158   Owner   1776   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/2/2007   1:50:49 PM   1196621449   Owner   1756   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/3/2007   7:50:52 AM   1196686252   Owner   1756   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1467.nls" file. 
12/7/2007   11:23:23 AM   1197044603   SYSTEM   1756   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/7/2007   12:00:21 PM   1197046821   SYSTEM   1616   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/11/2007   9:21:54 AM   1197382914   Owner   1720   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/11/2007   9:26:21 AM   1197383181   Owner   1788   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/12/2007   11:35:49 AM   1197477349   SYSTEM   1732   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/13/2007   3:27:19 AM   1197534439   Owner   1792   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/13/2007   5:07:12 AM   1197540432   Owner   1792   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/13/2007   3:03:07 PM   1197576187   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 03:58:14 AM

1/1/2008   5:07:03 AM   1199182023   Owner   1644   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/2/2008   5:07:18 AM   1199268438   Owner   1652   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/3/2008   10:29:21 PM   1199417361   Owner   1804   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   11:29:46 AM   1199464186   Owner   1828   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   4:04:01 PM   1199480641   Owner   1812   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   7:44:42 PM   1199493882   Owner   1812   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   8:22:50 PM   1199496170   Owner   1800   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   8:28:01 PM   1199496481   Owner   1800   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   10:18:17 PM   1199503097   Owner   1812   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/5/2008   5:07:01 AM   1199527621   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/9/2008   8:11:28 AM   1199884288   Owner   1552   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/9/2008   8:54:46 AM   1199886886   Owner   1796   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/9/2008   10:03:39 PM   1199934219   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 03:58:35 AM

1/10/2008   5:07:08 AM   1199959628   Owner   1792   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/11/2008   9:54:24 AM   1200063264   Owner   1604   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   5:57:50 PM   1200351470   Owner   1820   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   6:07:02 PM   1200352022   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   6:20:33 PM   1200352833   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   6:30:42 PM   1200353442   Owner   1812   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   6:38:46 PM   1200353926   Owner   1748   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/1/2002   12:19:54 AM   1009862394   Owner   1800   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/1/2002   12:39:42 AM   1009863582   Owner   1784   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/1/2002   12:56:19 AM   1009864579   Owner   1828   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   8:20:09 PM   1200360009   Owner   1868   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   8:54:11 PM   1200362051   Owner   1836   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   11:01:05 PM   1200369665   Owner   1828   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   11:43:52 PM   1200372232   Owner   1728   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   11:54:13 PM   1200372853   Owner   1784   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   10:23:44 AM   1200497024   Owner   1776   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   1:47:07 PM   1200509227   Owner   1856   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   4:57:13 PM   1200520633   Owner   1748   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   5:33:05 PM   1200522785   Owner   1696   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   5:37:17 PM   1200523037   Owner   1820   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
2008-01-17   17:40   1200609617   Owner   1820   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1467.nls" file. 
1/17/2008   5:44:17 PM   1200609857   Owner   1820   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1334.nls" file. 
1/17/2008   6:09:06 PM   1200611346   Owner   1880   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/17/2008   8:37:37 PM   1200620257   Owner   1888   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/17/2008   8:45:36 PM   1200620736   Owner   1840   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/17/2008   9:50:19 PM   1200624619   Owner   1888   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 04:00:44 AM

Is this what you are talking about for the combofix log?

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 21:31]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2001-08-10 06:00]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{283b87f1-92d3-11da-9815-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb7fa335-3a79-11d7-93b8-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 22:37:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 17:42:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 04:06:17 AM

OK....I went in to the add/remove programs and deleted the Norton Antivirus.  It's gone I had to restart the computer and I went to the run services.msc and there is no nprotectservice or norton at all.  I have disabled the AVG Antivirus - should I go in and add/remove it to?
I have posted the Avast log - do I need to delete the log? or just leave it?
I am also going to post the combofix from the Kodak part to the part I just posted. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 04:06:41 AM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-09-14 14:38 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-25 22:30 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-12-08 20:57 550912 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2006-10-30 15:27 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 23:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 20:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 19:52 50736 C:\Program Files\Common Files\AOL\1138765954\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2007-05-06 15:20 208946 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 19:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 11:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 11:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 16:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-31 22:53 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a------ 2005-08-27 08:09 139264 C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-14 14:38 14820864 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 09:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stewie Griffin Communicator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-21 23:13 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer]
--a------ 2002-08-15 03:07 428544 C:\Program Files\Washer\washer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 12:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 04:19:01 AM

Yes, that's the part of the CF log I was looking for. Thanks.

This file has been detected for quiet some time, going back to november.

I don't see that file in the logs.

Let's clean up your left over norton, get you down to one av and look again.  ;D We have other scanners that we can use.

What version of norton did you have? I should be able to find a removal tool for it. Your combofix log is full of norton left overs.

So carry on with disabling the norton service.. i don't think the tool will work very well with it running.

Just saw your new posts as I was posting this.

Yes uninstall avg please. You can leave the avast log, it may come in handy for reference.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 04:36:09 AM

OK I went to add/remove and got rid of the AVG antivirus software but left the rootkit by AVG and restarted my computer.  Of course when I restarted the computer the virus warning came up again and I moved it to the chest.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 04:49:30 AM

I keep forgetting to ask do I turn the system recovery back on yet?

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 05:06:25 AM

Yes, please turn system restore on.

What version of Norton did you have? We'll remove what left with their tools. Then go after what ever is bringing that bug back.

The anti root kit is okay to keep, no conflicts there.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 05:08:16 AM

I'm not sure it was eitehr Norton Utilities 2002 or Norton Systemworks 2003

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 05:25:23 AM

I saw Utilities 2002 in the combofix log anfd there is only manual removeal instructions.

Did you do the command prompt removal  of the nprotect folder?

If not then do that now,

Then open HJT, run a system scan only, checkmark these lines, if present

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerdash2/dinerdash2.cab


click fix and close HJT

Run combofix again and post that log along with a new HJT log.

You can attach the logs using the additional options button on the reply page.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 05:36:59 AM

Here is the combofix log

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 05:37:49 AM

Here is the hijackthis log after I fixed the files you mentioned. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 05:45:27 AM

I did the thing from post #57 if that is what you are talking about. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 05:46:28 AM

I didn't see this anywhere in the hijackthis when I ran it
http://www.playfirst.com/play/game/dinerdash2/dinerdash2.cab

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 06:42:19 AM

Good
Some times the lines the lines disappear when the program is removed.

I have to tak a break from this for a few hours. My real job is calling. I'll get back to this asap.

For now do this

Open the Windows Control Panel
Double-click Power Options

Click the Hibernate tab, uncheck the 'Enable hibernate support' check box, and then click Apply.

Restart your computer and let me know if you get another warning. I'll go over your logs with a fine tooth comb when I get home in a couple of hours.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 17, 2008, 01:54:59 PM

Hi,
    I had to get some sleep after the 7 hours on the computer last night.  I also have to be out for several hours today and won't be back until sometime after 1 or so EST.  I did what your last post said and restarted the computer and the same warning came up in the avast and I moved it to the chest.  I'll check back as soon as I get back home this afternoon. 
Thank you so much.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 17, 2008, 10:47:02 PM

Well, let's take a deeper look.

Pay particular attention to notepad's format as given in the instructions.




Download WinPFind3u.exe (http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe)  to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

• Close ALL OTHER PROGRAMS.
  
• Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  
• Under Additional Scans click the checkboxes in front of the following items to select them:
  
  NOTE: no additional scan required at this time
  

• Now click the Run Scan button on the toolbar.
  
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  

This log will be quite long.  You can either use multiple post or attach the log file if its easier.  In either case make sure the last line is < End of Report >.

Just set it like in the image in the picture in this link, except change the two dates from 30 days to 90 days


http://forum.avast.com/index.php?topic=31261.msg260811#msg260811

click the pic to enlarge

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 12:55:10 AM

WinPFind3 logfile created on: 1/18/2008 6:02:51 PM
WinPFind3U by OldTimer - Version 1.0.44   Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
 
895.36 Mb Total Physical Memory | 400.54 Mb Available Physical Memory | 44.74% Memory free
2.12 Gb Paging File | 1.54 Gb Available in Paging File | 72.65% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.23 Gb Total Space | 161.08 Gb Free Space | 88.39% Space Free
Drive D: | 4.06 Gb Total Space | 2.38 Gb Free Space | 58.70% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ALCORN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:36 AM | Attr = R  ]
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 3:54:12 PM | Attr =    ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:24 AM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:54 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:02 AM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:34 AM | Attr =    ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 7/21/2006 6:55:32 PM | Attr =    ]
desktopweather.exe -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 0, 1, 0 | Size = 715888 bytes | Modified Date = 10/30/2006 3:27:24 PM | Attr =    ]
mgapp.exe -> %ProgramFiles%\Magentic\bin\MgApp.exe ->  [Ver = 1, 3, 1, 0547 | Size = 106537 bytes | Modified Date = 10/9/2007 1:42:14 PM | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8133 | Size = 131139 bytes | Modified Date = 9/18/2005 11:32:00 AM | Attr =    ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr =    ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =    ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =    ]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 1/31/2006 10:40:32 PM | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 1/31/2006 10:53:22 PM | Attr =    ]
uaservice7.exe -> %System32%\UAService7.exe ->  [Ver =  | Size = 126976 bytes | Modified Date = 10/6/2007 6:44:34 PM | Attr =    ]
washer.exe -> %ProgramFiles%\Washer\washer.exe -> Webroot Software, Inc. [Ver = 4.7.1024.2 | Size = 428544 bytes | Modified Date = 8/15/2002 3:07:02 AM | Attr =    ]
webshots.scr -> %ProgramFiles%\Webshots\Webshots.scr -> Webshots.com [Ver = 2, 5, 1, 7009 | Size = 1650688 bytes | Modified Date = 10/9/2006 12:56:34 PM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:36 AM | Attr = R  ]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:34 AM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:54 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:02 AM | Attr =    ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 7/21/2006 6:55:32 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 9/2/2007 11:06:42 PM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8133 | Size = 131139 bytes | Modified Date = 9/18/2005 11:32:00 AM | Attr =    ]
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 1/31/2006 10:40:32 PM | Attr =    ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr =    ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =    ]
(ThreatFire) ThreatFire [Win32_Own | Auto | Stopped] ->  -> File not found
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %System32%\UAService7.exe ->  [Ver =  | Size = 126976 bytes | Modified Date = 10/6/2007 6:44:34 PM | Attr =    ]

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 12:56:21 AM

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:24 AM | Attr =    ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8133 | Size = 7204864 bytes | Modified Date = 9/18/2005 11:32:00 AM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 1/31/2006 10:53:22 PM | Attr =    ]
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
 ->  -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DW4 -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 0, 1, 0 | Size = 715888 bytes | Modified Date = 10/30/2006 3:27:24 PM | Attr =    ]
Magentic -> %ProgramFiles%\Magentic\bin\Magentic.exe ->  [Ver = 1, 3, 1, 0547 | Size = 475180 bytes | Modified Date = 10/9/2007 1:42:52 PM | Attr =    ]
Washer -> %ProgramFiles%\Washer\washer.exe -> Webroot Software, Inc. [Ver = 4.7.1024.2 | Size = 428544 bytes | Modified Date = 8/15/2002 3:07:02 AM | Attr =    ]
< User Startup > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
%UserStartup%\Webshots.lnk -> %ProgramFiles%\Webshots\Launcher.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 10/9/2006 12:52:18 PM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  ->

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 12:56:50 AM

< HOSTS File > (1006 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
127.0.0.1 multitrader.info ->  ->
127.0.0.1 reggame.biz ->  ->
127.0.0.1 tele-globus.biz ->  ->
127.0.0.1 newasp.com.cn ->  ->
127.0.0.1 mygolddinar.com ->  ->
127.0.0.1 xfatum.com ->  ->
127.0.0.1 think-adz2.com ->  ->
127.0.0.1 cyberica.net ->  ->
127.0.0.1 netw8.info ->  ->
127.0.0.1 vpt-studio.com ->  ->
127.0.0.1 netw6.info ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKLM: Search Page -> http://www.msn.com ->
HKLM: Start Page -> http://www.msn.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.msn.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =    ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
samsung-emp.com

• ->  ->

samsunggsbn.com

• ->  ->

samsungwireless.com

• ->  ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:04:00 AM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:36 AM | Attr =    ]
{A057A204-BACC-4D26-CEC4-75A487FD6484} [HKLM] -> %ProgramFiles%\mypoints\mypoints.dll [MYPOINTS] ->   [Ver = 5.0.1.248 | Size = 1909248 bytes | Modified Date = 10/2/2007 3:31:50 PM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 9/2/2007 11:06:44 PM | Attr =    ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %System32%\bae.dll [CBrowserHelperObject Object] -> Gateway Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/1/2006 6:54:30 AM | Attr =    ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] ->  [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 8/26/2004 11:27:32 AM | Attr =    ]
{A057A204-BACC-4D26-CEC4-75A487FD6484} [HKLM] -> %ProgramFiles%\mypoints\mypoints.dll [MYPOINTS] ->   [Ver = 5.0.1.248 | Size = 1909248 bytes | Modified Date = 10/2/2007 3:31:50 PM | Attr =    ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =    ]
SITEguard [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 12:57:13 AM

WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{A057A204-BACC-4D26-CEC4-75A487FD6484} [HKLM] -> %ProgramFiles%\mypoints\mypoints.dll [MYPOINTS] ->   [Ver = 5.0.1.248 | Size = 1909248 bytes | Modified Date = 10/2/2007 3:31:50 PM | Attr =    ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 3:00:36 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:36 AM | Attr =    ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] ->  [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 6/23/2006 11:05:24 AM | Attr =    ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Add animation to IncrediMail Style Box -> %ProgramFiles%\IncrediMail\bin\resources\WebMenuImg.htm ->  [Ver =  | Size = 591 bytes | Modified Date = 4/12/2006 8:21:14 AM | Attr =    ]
&Webshots Photo Search -> %ProgramFiles%\Webshots\WSToolbar4IE.dll\MENUSEARCH.HTM -> File not found
E&xport to Microsoft Excel ->  -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\ycsms.htm -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.spop -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7A0487F0-26B8-4D8E-A727-E9831BDF48FA} ->    (Linksys NC100 Fast Ethernet Adapter) ->
{BCD77BB1-D2B0-4238-A5BD-FC81679EEDF4} ->    (NVIDIA nForce Networking Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{33564D57-0000-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab ->
{62789780-B744-11D0-986B-00609731A21D} -> Autodesk MapGuide ActiveX Control - CodeBase = http://www.crsdata.net/maps/install/mgaxctrlv65.cab ->
{6F750202-1362-4815-A476-88533DE61D0C} -> Kodak Gallery Easy Upload Manager Class - CodeBase = http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6} -> Groove Control - CodeBase = http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
{9522B3FB-7A2B-4646-8AF6-36E7F593073C} ->  - CodeBase =  ->
{B991DA79-51F7-4011-98D2-1F2592E82A56} -> ACNPlayer2 Class - CodeBase = http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab ->
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> Toontown Installer ActiveX Control - CodeBase = http://a.download.toontown.com/sv1.0.24.24/ttinst.cab ->
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} -> Virtools WebPlayer Class - CodeBase = http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
{CC32D4D8-2A0B-4CEB-B105-C9B968379105} -> CGameManagerCtrl Object - CodeBase = https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{E463DD62-1D07-425E-B82A-539FBA2F4162} -> GSBN_Updater.UserControl1 - CodeBase = http://www.samsunggsbn.com/PSI3/Cab/GSBN_Updater.CAB ->
{EF148DBB-5B6D-4130-B2A1-661571E86260} -> Playtime Games Launcher - CodeBase = http://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab ->

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 12:58:09 AM

[Files/Folders - Created Within 90 days]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 1/16/2008 5:38:07 PM | Attr =    ]
Great Smoky Real Estate - Images -> %SystemDrive%\Great Smoky Real Estate - Images ->  [Folder | Created Date = 11/21/2007 10:58:06 AM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 1/16/2008 5:38:19 PM | Attr =    ]
_rpcs -> %SystemDrive%\_rpcs ->  [Folder | Created Date = 1/3/2008 9:56:59 PM | Attr =    ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ ->  [Folder | Created Date = 12/13/2007 3:07:54 AM | Attr =  H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ ->  [Folder | Created Date = 12/13/2007 3:06:03 AM | Attr =  H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ ->  [Folder | Created Date = 12/13/2007 3:06:25 AM | Attr =  H ]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ ->  [Folder | Created Date = 1/9/2008 1:29:51 AM | Attr =  H ]
$NtUninstallKB942615$ -> %SystemRoot%\$NtUninstallKB942615$ ->  [Folder | Created Date = 12/13/2007 3:05:34 AM | Attr =  H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ ->  [Folder | Created Date = 12/13/2007 3:06:30 AM | Attr =  H ]
$NtUninstallKB942840$ -> %SystemRoot%\$NtUninstallKB942840$ ->  [Folder | Created Date = 12/13/2007 3:07:48 AM | Attr =  H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ ->  [Folder | Created Date = 11/15/2007 3:06:00 AM | Attr =  H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ ->  [Folder | Created Date = 1/9/2008 1:29:45 AM | Attr =  H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ ->  [Folder | Created Date = 12/13/2007 3:03:44 AM | Attr =  H ]
$NtUninstallKB946627$ -> %SystemRoot%\$NtUninstallKB946627$ ->  [Folder | Created Date = 12/20/2007 10:56:14 PM | Attr =  H ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 1/16/2008 5:38:35 PM | Attr =    ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/16/2008 5:38:17 PM | Attr =    ]
PSI3_Operation.ini -> %SystemRoot%\PSI3_Operation.ini ->  [Ver =  | Size = 876 bytes | Created Date = 1/10/2008 3:12:02 PM | Attr =    ]
SWWATER.INI -> %SystemRoot%\SWWATER.INI ->  [Ver =  | Size = 314 bytes | Created Date = 1/4/2008 2:30:57 PM | Attr =    ]
_delis43.ini -> %SystemRoot%\_delis43.ini ->  [Ver =  | Size = 290 bytes | Created Date = 1/14/2008 10:24:00 PM | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Created Date = 1/14/2008 6:49:42 PM | Attr =  H ]
CommXPCtrl.ocx -> %System32%\CommXPCtrl.ocx -> Samsung Electronics [Ver = 1.00 | Size = 69632 bytes | Created Date = 1/10/2008 3:28:15 PM | Attr =    ]
FileupCtl.ocx -> %System32%\FileupCtl.ocx -> Hyegi [Ver = 1.00.0014 | Size = 49152 bytes | Created Date = 1/10/2008 3:13:51 PM | Attr =    ]
FPSPR70.ocx -> %System32%\FPSPR70.ocx -> FarPoint Technologies, Inc. [Ver = 7.0.15 | Size = 1909936 bytes | Created Date = 1/10/2008 3:12:54 PM | Attr =    ]
GSBN.ocx -> %System32%\GSBN.ocx -> ??SDS [Ver = 1.01.0151 | Size = 241664 bytes | Created Date = 1/10/2008 3:13:46 PM | Attr =    ]
Magentic Screensaver.scr -> %System32%\Magentic Screensaver.scr -> IncrediMail LTD. [Ver = 1, 3, 1, 0547 | Size = 745547 bytes | Created Date = 12/26/2007 7:22:58 PM | Attr =    ]
Odbcjet.cnt -> %System32%\Odbcjet.cnt ->  [Ver =  | Size = 6902 bytes | Created Date = 1/10/2008 3:28:19 PM | Attr =    ]
Odbcjet.hlp -> %System32%\Odbcjet.hlp ->  [Ver =  | Size = 170865 bytes | Created Date = 1/10/2008 3:28:19 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 1/16/2008 5:38:17 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/16/2008 5:38:17 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/16/2008 5:38:17 PM | Attr =    ]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 1/16/2008 5:38:17 PM | Attr =    ]
Vsflex7L.ocx -> %System32%\Vsflex7L.ocx -> VideoSoft [Ver = 7, 0, 0, 67 | Size = 421891 bytes | Created Date = 1/10/2008 3:28:21 PM | Attr =    ]
VSPRINT7.ocx -> %System32%\VSPRINT7.ocx -> VideoSoft [Ver = 7, 0, 0, 6 | Size = 331776 bytes | Created Date = 1/10/2008 3:28:22 PM | Attr =    ]
quartz.dll -> %System32%\dllcache\quartz.dll ->  [Ver =  | Size = 1287680 bytes | Created Date = 10/29/2007 5:35:13 PM | Attr =    ]
AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 1/17/2008 6:03:53 PM | Attr =    ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 1/17/2008 6:00:24 PM | Attr =    ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 1/17/2008 6:00:24 PM | Attr =    ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 1/17/2008 6:00:24 PM | Attr =    ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 1/17/2008 6:00:24 PM | Attr =    ]
TfKbMon.sys -> %System32%\drivers\TfKbMon.sys -> PC Tools [Ver = 3.7.9.20 | Size = 12608 bytes | Created Date = 12/2/2007 11:28:33 AM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1052 | Size = 102800 bytes | Created Date = 1/17/2008 6:22:29 PM | Attr =    ]

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 12:59:03 AM

[Files/Folders - Modified Within 90 days]
Alcorn Property Services.office.QBW -> %SystemDrive%\Alcorn Property Services.office.QBW ->  [Ver =  | Size = 15159296 bytes | Modified Date = 12/28/2007 4:49:04 PM | Attr = R  ]
Alcorn Property Services.office.QBW.ND -> %SystemDrive%\Alcorn Property Services.office.QBW.ND ->  [Ver =  | Size = 341 bytes | Modified Date = 12/28/2007 4:49:04 PM | Attr =    ]
Alcorn Property Services.office.QBW.TLG -> %SystemDrive%\Alcorn Property Services.office.QBW.TLG ->  [Ver =  | Size = 196608 bytes | Modified Date = 12/28/2007 4:49:04 PM | Attr = R  ]
Alcorn Property Services.QBW -> %SystemDrive%\Alcorn Property Services.QBW ->  [Ver =  | Size = 16105472 bytes | Modified Date = 1/15/2008 11:24:34 PM | Attr = R  ]
Alcorn Property Services.QBW.ND -> %SystemDrive%\Alcorn Property Services.QBW.ND ->  [Ver =  | Size = 334 bytes | Modified Date = 1/15/2008 11:24:34 PM | Attr =    ]
Alcorn Property Services.QBW.TLG -> %SystemDrive%\Alcorn Property Services.QBW.TLG ->  [Ver =  | Size = 589824 bytes | Modified Date = 1/15/2008 11:24:32 PM | Attr = R  ]
APS Payroll.qba.QBW -> %SystemDrive%\APS Payroll.qba.QBW ->  [Ver =  | Size = 15699968 bytes | Modified Date = 12/14/2007 12:37:44 PM | Attr = R  ]
APS Payroll.qba.QBW.ND -> %SystemDrive%\APS Payroll.qba.QBW.ND ->  [Ver =  | Size = 325 bytes | Modified Date = 12/14/2007 12:37:44 PM | Attr =    ]
APS Payroll.qba.QBW.TLG -> %SystemDrive%\APS Payroll.qba.QBW.TLG ->  [Ver =  | Size = 983040 bytes | Modified Date = 12/14/2007 12:37:44 PM | Attr = R  ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 1/16/2008 1:41:10 PM | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 1/17/2008 11:35:14 PM | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/17/2008 5:45:16 PM | Attr =    ]
Great Smoky Real Estate - Images -> %SystemDrive%\Great Smoky Real Estate - Images ->  [Folder | Modified Date = 11/21/2007 10:58:08 AM | Attr =    ]
Great Smoky Real Estate Tax Forms -> %SystemDrive%\Great Smoky Real Estate Tax Forms ->  [Folder | Modified Date = 1/14/2008 12:43:04 PM | Attr =    ]
Great Smoky Real Estate.QBW -> %SystemDrive%\Great Smoky Real Estate.QBW ->  [Ver =  | Size = 7860224 bytes | Modified Date = 1/15/2008 2:49:10 PM | Attr = R  ]
Great Smoky Real Estate.QBW.ND -> %SystemDrive%\Great Smoky Real Estate.QBW.ND ->  [Ver =  | Size = 333 bytes | Modified Date = 1/15/2008 2:49:10 PM | Attr =    ]
Great Smoky Real Estate.QBW.TLG -> %SystemDrive%\Great Smoky Real Estate.QBW.TLG ->  [Ver =  | Size = 458752 bytes | Modified Date = 1/15/2008 2:49:10 PM | Attr = R  ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/17/2008 10:41:16 PM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 1/17/2008 11:34:36 PM | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/14/2008 10:17:50 PM | Attr =  HS]
Rfwin -> %SystemDrive%\Rfwin ->  [Folder | Modified Date = 1/14/2008 8:06:04 PM | Attr =    ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/16/2008 5:38:20 PM | Attr =  HS]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 1/18/2008 5:56:54 PM | Attr =  H ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/18/2008 7:49:04 AM | Attr =    ]
_rpcs -> %SystemDrive%\_rpcs ->  [Folder | Modified Date = 1/3/2008 10:24:24 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/8/2008 8:38:52 PM | Attr =  H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ ->  [Folder | Modified Date = 12/13/2007 3:07:56 AM | Attr =  H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ ->  [Folder | Modified Date = 12/13/2007 3:06:04 AM | Attr =  H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ ->  [Folder | Modified Date = 12/13/2007 3:06:28 AM | Attr =  H ]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ ->  [Folder | Modified Date = 1/9/2008 1:29:52 AM | Attr =  H ]
$NtUninstallKB942615$ -> %SystemRoot%\$NtUninstallKB942615$ ->  [Folder | Modified Date = 12/13/2007 3:05:42 AM | Attr =  H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ ->  [Folder | Modified Date = 12/13/2007 3:06:32 AM | Attr =  H ]
$NtUninstallKB942840$ -> %SystemRoot%\$NtUninstallKB942840$ ->  [Folder | Modified Date = 12/13/2007 3:07:50 AM | Attr =  H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ ->  [Folder | Modified Date = 11/15/2007 3:06:02 AM | Attr =  H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ ->  [Folder | Modified Date = 1/9/2008 1:29:46 AM | Attr =  H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ ->  [Folder | Modified Date = 12/13/2007 3:03:46 AM | Attr =  H ]
$NtUninstallKB946627$ -> %SystemRoot%\$NtUninstallKB946627$ ->  [Folder | Modified Date = 12/20/2007 10:56:16 PM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/18/2008 7:48:54 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/17/2008 11:31:00 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 1/17/2008 5:42:18 PM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 12/7/2007 11:54:06 AM | Attr = R S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/14/2008 6:46:34 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/17/2008 5:45:16 PM | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 1/14/2008 11:51:12 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/18/2008 5:57:52 PM | Attr =    ]
PSI3_Operation.ini -> %SystemRoot%\PSI3_Operation.ini ->  [Ver =  | Size = 876 bytes | Modified Date = 1/10/2008 3:26:10 PM | Attr =    ]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/16/2008 4:12:02 PM | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 1/18/2008 7:49:22 AM | Attr =    ]
SWWATER.INI -> %SystemRoot%\SWWATER.INI ->  [Ver =  | Size = 314 bytes | Modified Date = 1/4/2008 2:30:58 PM | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 1/17/2008 10:27:42 PM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 243 bytes | Modified Date = 1/17/2008 11:34:18 PM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 1/17/2008 10:27:42 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/18/2008 7:52:04 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 1/18/2008 5:57:48 PM | Attr =    ]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 12/22/2007 6:44:12 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 734 bytes | Modified Date = 1/17/2008 8:36:28 PM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 12/20/2007 8:56:04 PM | Attr =    ]
_delis43.ini -> %SystemRoot%\_delis43.ini ->  [Ver =  | Size = 290 bytes | Modified Date = 1/14/2008 10:24:02 PM | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 1/18/2008 7:52:04 AM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/18/2008 7:48:58 AM | Attr =  H ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 8:04:28 AM | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Modified Date = 12/4/2007 7:54:04 AM | Attr =    ]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/4/2008 2:09:02 PM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/16/2008 2:54:00 PM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 1/3/2008 10:25:32 PM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 1/16/2008 5:19:10 PM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/9/2008 1:29:54 AM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/18/2008 7:49:12 AM | Attr =    ]
FileupCtl.ocx -> %System32%\FileupCtl.ocx -> Hyegi [Ver = 1.00.0014 | Size = 49152 bytes | Modified Date = 1/10/2008 3:13:52 PM | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 462024 bytes | Modified Date = 12/7/2007 11:57:00 AM | Attr =    ]

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 12:59:36 AM

 Inc. [Ver = 7.0.15 | Size = 1909936 bytes | Modified Date = 1/10/2008 3:13:30 PM | Attr =    ]
GSBN.ocx -> %System32%\GSBN.ocx -> ??SDS [Ver = 1.01.0151 | Size = 241664 bytes | Modified Date = 1/10/2008 3:13:48 PM | Attr =    ]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 30277 bytes | Modified Date = 1/18/2008 7:49:00 AM | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 53608 bytes | Modified Date = 1/17/2008 6:01:32 PM | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 383254 bytes | Modified Date = 1/17/2008 6:01:32 PM | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 443380 bytes | Modified Date = 1/17/2008 6:01:32 PM | Attr =    ]
quartz.dll -> %System32%\quartz.dll ->  [Ver =  | Size = 1287680 bytes | Modified Date = 10/29/2007 5:35:14 PM | Attr =    ]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 12/12/2007 5:16:32 PM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/16/2008 5:38:20 PM | Attr =    ]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/3/2008 10:25:18 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1170 bytes | Modified Date = 1/18/2008 7:49:30 AM | Attr =    ]
quartz.dll -> %System32%\dllcache\quartz.dll ->  [Ver =  | Size = 1287680 bytes | Modified Date = 10/29/2007 5:35:14 PM | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Modified Date = 12/4/2007 9:56:02 AM | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 9:55:46 AM | Attr =    ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:40 AM | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr =    ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr =    ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr =    ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr =    ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Modified Date = 12/10/2007 2:53:30 PM | Attr =    ]
secdrv.sys -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:54 AM | Attr =    ]
TfKbMon.sys -> %System32%\drivers\TfKbMon.sys -> PC Tools [Ver = 3.7.9.20 | Size = 12608 bytes | Modified Date = 11/12/2007 5:03:14 PM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1052 | Size = 102800 bytes | Modified Date = 1/17/2008 6:22:30 PM | Attr =    ]
hosts.ics -> %System32%\drivers\etc\hosts.ics ->  [Ver =  | Size = 432 bytes | Modified Date = 1/4/2008 2:09:04 PM | Attr =    ]

[File String Scan - Non-Microsoft Only]
WSUD ,  -> %SystemDrive%\Alcorn Property Services.office.QBW ->  [Ver =  | Size = 15159296 bytes | Modified Date = 12/28/2007 4:49:04 PM | Attr = R  ]
UPX! , UPX0 ,  -> %SystemRoot%\unwash.exe ->  [Ver =  | Size = 43008 bytes | Modified Date = 8/15/2002 3:07:02 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 8:04:28 AM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr =    ]

< End of report >

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 01:00:35 AM

I'll check back after while.  Thanks so much! :D

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 01:39:51 AM

Hi, it's going to take awhle to read this log, uuh work again seems to interfere.


In the meantime,  please use the search function in windows explorer to find all copies of this file

NDIS.SYS

You will have to set your folder options like this:

At the top of windows explorer, click tools, folder options, click the
view tab

 check Show hidden files and folders
 uncheck "Hide extensions for known file types" box
 uncheck "Hide protecting operating system files" box

Set the search are to c:\


Make a note of each ones path, then submit them to www.virustotal.com  and wait for the results.

Let me know the results of each, no matter what it is. The results could range from nothing detected to 0 bytes recieved to infected with whatever.

There will probably be 3-4 instances of the file, make sure to test them all. Please let me know how many you found and there locations.

Thanks

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 08:04:11 AM

Hi,  jbalcorn

I'm having trouble reading that log on this small screen, Ill be on my own computer in a couple of hours.

I did some searching around and found the most common cause of the detection you are having is an infected C:\WINDOWS\SYSTEM32DRIVERS\NDIS.SYS file.

That's why I asked you to find the files, we have to confirm that there is in fact an infection there and that there is a clean copy to replace it with.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 10:03:12 AM

Nothing of much interest in the WPF3 log. Let's procede with the above.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 05:01:42 PM

Went I did the search it only found one but when I browsed in the file to upload it I found another one and sent it and this is what it said the file name was ndis(2).sys that that this is what it said when I uploaded it
File has already been analysed:
MD5: 558635d3af1c7546d26067d5d9b6959e
Date: 01.13.2008 19:31:41 (CET) [>4D]
Results: 0/32
Permalink: analisis/aca45600ddc84f99502aa344d080a3f7
I sent it again by the reanalize button and here is what it said. 
File ndis_2_.sys received on 01.18.2008 16:50:10 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 25.
Estimated start time is between 79 and 113 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5210 2008.01.17 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2805 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 182912 bytes
MD5: 558635d3af1c7546d26067d5d9b6959e
SHA1: de08d6d587fe19ce3c61a1cf3773158df212dbe8
PEiD: -


I found another one that was just ndis.sys but when I tried to upload it this is what came up.
0 bytes size received / Se ha recibido un archivo vacio

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 05:07:32 PM

This was the system32 folder that you found it them in?

I'd suggest that 0 bytes one is infected and that the ndis_2_.sys is clean. Let me see if I can find out if the are the same file. If the are then it should just be a matter of renaming.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 05:11:40 PM

Yes it was the system 32 folder.
When I click on the properties tab on the two files the ndis.sys says it is size is 274 KB
and the ndis_2_.sys says it is 178 KB

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 05:29:48 PM

These are the usual locations for this file
these are backup locations

C:/I386
C:/Windows/ServicePackFiles/i386
C:/Windows/$NtServicePackUninstall$
C:/Windows/$NtUninstallKB826942$


The file should run from Location: C:/WINDOWS/SYSTEM32/DRIVERS

The md5 number for the clean file is the same as the one you test clean (ndis_2_.sys )

Please check the other locations for the file in a renamed form, including the  C:/WINDOWS/SYSTEM32/DRIVERS location.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 06:09:27 PM

I found this file in the I386 folder. 
The other ones you mentioned I did a search but it didn't come up with anything found on any of these
C:/Windows/ServicePackFiles/i386
C:/Windows/$NtServicePackUninstall$
C:/Windows/$NtUninstallKB826942$

File NDIS.SY_ received on 01.18.2008 17:48:42 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 41 and 59 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 90321 bytes
MD5: 6c301b042682240589d9dfcb0f07d444
SHA1: c2c8a928a5d9d10b157f9ceb19753ab61e3bdbcd
PEiD: -

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 06:16:43 PM

Did you find 1, even a renamed copy in the :/WINDOWS/SYSTEM32/DRIVERS?

Gotta go to the dentist right now, but will be back soon with a plan.  ;D

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 06:24:51 PM

I don't if this is one of these files but it was similar so I tested it and here's the results.  I have a few more to check
File NDISNPP.DL_ received on 01.18.2008 18:12:35 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/31 (0%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 47 and 68 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 27704 bytes
MD5: 9b9d5bb34b220157d10dcd722d7f7d43
SHA1: 117e1405eb6b8f7a04162997cf1d0786f1c40389
PEiD: -

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 06:28:57 PM

File NDISNPP.DL_ received on 01.18.2008 18:25:17 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 27704 bytes
MD5: 9b9d5bb34b220157d10dcd722d7f7d43
SHA1: 117e1405eb6b8f7a04162997cf1d0786f1c40389
PEiD: -

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 06:35:25 PM

File NDISTAPI.SY_ received on 01.18.2008 18:29:41 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 9.
Estimated start time is between 63 and 90 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 5329 bytes
MD5: a199a73d962b0f9bde38c9904316fed7
SHA1: c17f9cadf71fa4a1a584f475864bcf923ebbf899
PEiD: -

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 06:44:02 PM

File NDISUIO.IN_ received on 01.18.2008 18:36:18 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 44 and 63 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 982 bytes
MD5: 85196099ef453a0519fd14addeac9803
SHA1: cdb4aa4e04fef7cca6a893b60b7a252073d1fd23
PEiD: -

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 06:53:08 PM

File NDISWAN.SY_ received on 01.18.2008 18:44:57 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 44 and 63 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 46262 bytes
MD5: 5e34173a4516ddeb68579ac5eadaefa8
SHA1: adff53dcf77edf21f837c8ab7a66c6a883bc2964
PEiD: -

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 07:07:33 PM

File NDPROXY.SY_ received on 01.18.2008 18:54:20 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/31 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 44 and 63 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 19324 bytes
MD5: d90862b77e4d64db5e03272747c13199
SHA1: 7ec51c892aa55fca727d2b650ae54b48178d1322
PEiD: -

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 07:16:10 PM

File NDPTSP.TS_ received on 01.18.2008 19:10:25 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 47 and 68 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
 Compact Print results 
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
 Email: 
 

Antivirus Version Last Update Result
AhnLab-V3 2008.1.18.11 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 -
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Additional information
File size: 25489 bytes
MD5: 2ae0afe9ce0fbccececcffbedfbb6289
SHA1: d1f840d77a1370e707186e4d5ce3890fe07205d0
PEiD: -

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 07:46:50 PM

Did you find 1, even a renamed copy in the :/WINDOWS/SYSTEM32/DRIVERS?
I don't think I saw any of these below.  I looked again and did another search. 

C:/Windows/ServicePackFiles/i386
C:/Windows/$NtServicePackUninstall$
C:/Windows/$NtUninstallKB826942$
 
I'll wait for my next instructions.
Thanks!

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 09:58:17 PM

Hi those are legit files 9the last ones you posted) for that folder. I'm between a rock and a hard place here. I'm certain your existing ndis.sys is infected. I can't find much on a file name ndis(2).sys in the system32. The one in the i386 folder should be compressed. I'll have to get on an xp machine to confirm that. Once we can piece this together we can safely remove the infected one and replace it with a clean copy, moving it to the right folder if nesseccary.


Can you make these two batch files for me please. They  will find all the ndis*.sys files in the windows\sysem32 and the system32\drivers folders.

Copy and paste the following text into a new notepad

Dir C:\WINDOWS\System32\drivers\ndis*.sys >> ndis.txt
Start ndis.txt

Click file, click save as. Set it to save in Desktop. Name the file (including the  " " marks) "seek.bat"

Click save.

Copy and paste the following text into a new notepad

Dir C:\WINDOWS\System32\ndis*.sys >> ndis1.txt
Start ndis1.txt


Click file, click save as. Set it to save in Desktop. Name the file (including the  " " marks) "seek1.bat"

You should now have two files on your desktop with an icon like the one at the end of this post.

Double click the files and copy and past the results in your next reply.

Oh, yes, What is the full path to the 1386 folder?

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 10:07:49 PM

C:\WINDOWS\I386
Is this the path you are looking for?
Here is the first one
 Volume in drive C has no label.
 Volume Serial Number is C8A0-69CB

 Directory of C:\WINDOWS\System32\drivers

08/10/2004  02:00 PM           182,912 ndis(2).sys
04/15/2007  06:03 PM           281,348 ndis.sys
08/10/2004  02:00 PM             9,600 ndistapi.sys
06/21/2005  03:52 AM            14,592 ndisuio.sys
08/10/2004  02:00 PM            91,776 ndiswan.sys
               5 File(s)        580,228 bytes
               0 Dir(s)  172,932,501,504 bytes free
Here is the second one
 Volume in drive C has no label.
 Volume Serial Number is C8A0-69CB

 Directory of C:\WINDOWS\System32

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 10:35:38 PM

Yes, perfect. This, I think will be easy.

Please copy and paste the rest of this post into a note pad and save it to your desktop. You will need it because you will be in safe mode.  ;D

Please boot to safe mode.

Once in safe mode, open windows explorer make sure the folder options are set like this:

Open the Folder Options in the Control Panel.  On the View tab make sure Show Hidden Files and Folders is checked and Hide Protected Operating System Files and hide known extentions are not checked.  Click OK.


Then navigate to this folder

C:\WINDOWS\System32\drivers

click on the driver folder, then in the right hand panel locate this file

ndis.sys

please right click the file and chose rename

in the small box that appears over the file name please type ndis.old

left click near the file and confirm that the rename happened.


Now find this file

ndis(2).sys

please right click the file and chose rename

in the small box that appears over the file name please type ndis.sys

left click near the file and confirm that the rename happened.

If everything looks right, close windows explorer and reboot back into normal windows.

Let me know what happens, see you in about 10 minutes.  ;D

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 18, 2008, 11:24:25 PM

OK I have done everything from the last post.  So far so good.  I am waiting on the avast to see if it pops up.  Usually it would have popped up by now. 
So now what do I do to get rid of the infected file for good?  Then how do I test to make sure it is gone. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 18, 2008, 11:32:03 PM

Good. I bet you miss it like a tooth ache.  ::)

Now we will give the sample to avast and turf the bum.  ;D
 
Please right click the "a" icon, select start avast. Once the interface opens, click on the chest.
 
In the chest, click the users section button and right click in the window on the right and select add.
 
Browse to this file
 
C:\WINDOWS\System32\drivers\ndis.old
 
click add
 
Make sure the file appears in the chest window and right click the file, select Email to alwil
 
copy and paste this text into the box
 
ATTN Maxx
 
infected ndsi.sys
 
http://forum.avast.com/index.php?topic=32733.msg274183#msg274183
 

 
click send.
 
 
 
 
 

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.
 
Copy and paste all the text in the quote box below into Notepad.
 
Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.
 

Quote

File::
C:\WINDOWS\System32\drivers\ndis.old
 

This will start ComboFix again.Close  all browser/windows first. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 

I'll have to review this entire post, I seem to have forgotten your other problem. Please describe what happening.

I'm sure the cp1041.nls problem is resolved.

I'm off to work but do the above and get back to me, I'll check when i can sneak away.

Thanks.
 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 19, 2008, 12:50:03 AM

Here is the log.  I don't see the file in the C:\WINDOWS\system32\drivers but is it still in the avast chest?  Do I need to delete it out of there?

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 19, 2008, 12:50:51 AM

I don't think I had another problem....or at least not that I can recall. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 19, 2008, 01:14:25 AM

OK....how is the best way to keep this from happening again.  What are the things I should keep running at all times to protect the computer?  When I start my computer the avast that comes up is the resident protection. I have to right click and click on the start antivirus and it runs a memory test and then I can scan the drives.  Is there a way to set this up to scan say every day/week or do I have to manually do it?  Any other software I need and you can sugget I get or keep to help with virus and spyware?  What would be the best ones to have and to work with avast.
Can I take off or uninstall any of the files we installed on the desktop and the logs?  Here is a list of the things I installed or saved. 
Advance Windows Care
HiJackThis
Combofix
Spyware Doctor
AVG Anti Root
Root Buster
Spyware Blaster
HiJackThis log
Wubofubd3u
Seek.bat
Seek1.bat
ndis.txt
ndis.txt
log.txt
lot2.txt
a file named back ups - I don't know where this one came from probably some how with all these things I have been doing.

Any other suggestions on what to leave on to keep me safe.  Can I take these above off the desktop and still be able to get to it in the all programs?  Do I need to keep the setup files like Wubofubd3u.exe now that I have installed it?  As I mentioned when I started this I am not a computer expert and everything I know I have learned by asking for help. Or by trail and error.  Should I clean out the chest for avast?  delete the items in there?  Should I run a clean up program like window washer and get rid of any temp files etc and then do a system restore after cleaning everything up?  I appreciate all your time and help with this.  You have no idea how much.  Once I get everything set up the way you suggest to keep the computer safe I will be a happy person.  I am sure I will have a few more questions later on tonight.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 19, 2008, 01:16:36 AM

If you are doing ok, we'll clean up the tools that we used.

You can delete the file from the chest or leave it there. It can't run or be accessed from outside the chest. Normally, I'd suggest to leave it for a while, but in this case, there is no doubt it's infected, so go ahead and delte it. Just open the chest, click the users section button, right click the file and select delete.

Oh, yeah delete this guy, it was created when you booted into safe mode, avast doesn't start when going into save mode, so you wouldn't get a detection.. Then empty your recycle bin.

C:\cp1041.nls


And that's the last you should see of it.

While you are doing that, I'll put together a clean up list. And make some suggestions.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 19, 2008, 01:48:15 AM

To clean up the tools that we used


1.Click start button, click run, copy and paste the line below into the box, click ok

combofix /u



2.Please download the OTMoveIt by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

• Save it to your desktop.
  
• Please double-click OTMoveIt2.exe to run it.
  
  Then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.
  
  
  3.Create a new restore point
  
  You must be logged on to an administrator account
  Go to Start - All Programs - Accessories - System Tools - System Restore.
  Click Create a restore point, and then click Next.
  In the text box labeled Restore Point Description, type a name for this restore point , click create
  
  Remove old restore points
  
  4.- Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
  
  
  
  5.Download and run this clean up utility. You can use it regularly. When it's first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.
  
  CleanUp (http://www.stevengould.org/downloads/cleanup/)
  
  
  6. Update your java
  
  Open an Internet Explorer (only) window and go to http://www.java.com/en/download/manual.jsp > In the middle of the page, click on the Download button to the right of Java Runtime Environment (JRE) 6u3 > If Information Bar pop-ups up, right-click on it and say it's OK to display the blocked content.
  
   You do not have to install the Java Web Start ActiveX Control
  
  
  Accept the license agreement > Click on Windows (XP,Vista, .etc) Offline Installation, Multi-language and Save the file jre-6u3-windows-i586-p.exe to your desktop; do not Run it.
  
  When the download is complete, Open Control Panel > Add/Remove Programs:
  
  Uninstall anything that says Sun Java, Java JRE, or similar.
  
  Close Add/Remove Programs.
  
  In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders it may contain.
  
  Do NOT delete C:\Program Files\JavaVM <=this folder, if found!
  
  Double-click on the saved file to install the update.
  
  Delete the downloaded installation file after completing the above procedure  and reboot if not prompted to do so.
  
  Reboot your computer.
  
  
  
  And you may want to look at this:
  
  7. It looks like you are using windows firewall. It doesn't provide outbound protection. A third party firewall will.
  
  A discussion on free firewalls can be found here.
  
  http://forum.avast.com/index.php?topic=30808.0
  
  
  
  
  Avast will scan your computer as you open files, or files are accessed, this the resident protection. The on demand is when you scan the entire computer. Scheduled scans are not availible in the home version. A full weekly scan should be done.
  
  The tools clean up will take care of these
  
  HiJackThis
  Combofix
  HiJackThis log
  Wubofubd3u
  
  You can delete any notepads, logs that were created.
  
  Seek.bat
  Seek1.bat
  ndis.txt
  ndis.txt
  log.txt
  lot2.txt
  
  These are good guys
  
  Advance Windows Care
  Spyware Doctor
  AVG Anti Root
  Root Buster
  Spyware Blaster
  
  If you can run Spyware Doctor as resident, I'll give you the link to another one that is a bit more heaveywieght that you can run as an on demand. I also give you my suggested settings.
  
  Download  superantispyware (http://www.superantispyware.com/)
  
  First update SAS Then boot into save mode and set SAS up like this.
  
  Under Configuration and Preferences, click the Preferences button.
  Then click the Scanning Control tab.
  
  Under Scanner Options make sure the following are checked
  - CHECK ALL BOXES
  
  
  Return to the main page by clicking close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive.(and other fixed drives)
  Under Complete Scan, choose Perform Complete Scan.
  · Click Next to start the scan.
  
  When the scan is done, quarentine everything found . Reboot if asked.
  
  
  Do the things in the list,in order, then post back and let me know how things are. I'll be happy to clarify anthing I can and answer your questions
  
  
  
  
  
  

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 19, 2008, 04:03:35 AM

Thanks....I'll work on this in the morning when I am fresh.  I am sure I will have some questions!
You are great!
 ;D

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 19, 2008, 04:55:39 AM

You are welcome and your questions are welcome.   ;)  I'll try my best to answer them.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 19, 2008, 05:59:14 AM

Quote

Then how do I test to make sure it is gone. 

If you did what I posted in the last post on Page 8, then the easiest way to see if it is gone
1. no avast alert
2. c:\cp1041.nls is not present
3. check the size of the C:\WINDOWS\System32\drivers\ndsi.sys file, it should remain about the same size 182,912b  or 178 kb

this of course would be after a reboot.  :)

 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on January 19, 2008, 09:05:54 PM

I did a search for the cp1041.nls and nothing came up. 
The ndis.sys file is 178 KB
I followed all the directions except for I am not sure what I am doing when it comes to firewalls, how they work, which one to use etc.  I read through the post you told me about and it confused me even more.  I have two other computers in our home that are networked to this computer for the internet and one software program for our vacation rental company, they also share a printer so would installing one of these firewall programs interfer with them being able to access the internet?
I still have the Winpfind3 on my desktop...should I remove it?
I did the spyware doctor last night and it had some problems and supposedly fixed them now when I do a scan it doesn't show anything infected or any threats.
I did turn the on guard protection on of this software on.
Other than that everything seems to be working well.  I'm going to install avast on the other two computers to make sure they are OK too.  I just can't wait, it will be so much fun. 

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on January 19, 2008, 09:59:23 PM

Glad it's going well. I saw the file in your last combofix log. I'd meant to add it to the comboscript that you last ran. That's why I asked you manually delete it. It was a 0 byte file, perhaps cleanup removed it.

Just check for the presence of the file.

One thing you could also do, is from safe mode, safe a copy of the ndis.sys file to a disk, just in case. this ever happens again. The file you have is the correct file for your windows. If the problem reoccured, you could remove the infected one and replace it with clean. Now you know how.

When you are not using the computer, boot into safe mode and run SAS. Computer off time is a good time to do any of your scans anyway.

Quote

I followed all the directions except for I am not sure what I am doing when it comes to firewalls, how they work, which one to use etc.  I read through the post you told me about and it confused me even more.  I have two other computers in our home that are networked to this computer for the internet and one software program for our vacation rental company, they also share a printer so would installing one of these firewall programs interfer with them being able to access the internet?
 

It will take some setting up, you would have to find a firewall that you liked and check out their forum for setup info. I would suggest checking out the firewall forums and see what you can learn before deciding. Properly configured, printer, file sharing, internet access should be no problem.

Winpfind3 should have went when you ran the OTMOVEIT clean up. It may just be a shortcut. Anyways just delete it.

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: jbalcorn on February 26, 2008, 06:44:38 PM

Just wanted to thank you again for all the time and knowledge you shared with me.  All is well still and running fine. 
Best wishes.
jbalcorn

Title: Re: Please help Avast found this trojan file cp1041.nls
Post by: oldman on February 27, 2008, 01:27:23 AM

Hi, glad it's working out for you. Thanks for the feed back, it's nice to hear from people that have recieved help on this forum.