Author Topic: Please help Avast found this trojan file cp1041.nls  (Read 62674 times)


Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Please help Avast found this trojan file cp1041.nls
« Reply #60 on: January 17, 2008, 02:29:01 AM »
Anti virus programs. I see avast, avg and part of Norton. That's what all those files were.  C:\RECYCLER\NPROTECT are a part of Norton.

Did you have Norton before and uninstall it? And if you did, did you use their removal tool?

Is there any improvement at your end? I will be missing for a bit, got a job to do right now, but will be back.


jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #61 on: January 17, 2008, 02:40:36 AM »
Yes, I did have Norton, switched to AVG, then to Avast.  I had gotten rid of Norton (or thought so), when Avast found the virus I tried the AVG to see if it would do anything since Avast kept saying the same thing every time we started the computer over.

Offline oldman

Re: Please help Avast found this trojan file cp1041.nls
« Reply #62 on: January 17, 2008, 03:21:41 AM »
Let's try to disable the service.

First go to add/remove programs and see if there is anything related to Norton or Norton Utilities. If there is, uninstall it. Then do the steps in my previous post, post #57.

http://forum.avast.com/index.php?topic=32733.msg273813#msg273813

If there is nothing in add/remove, disable the service, then remove the files.

Click the Start button, then click Run.  In the empty field type services.msc and click OK.

In the window that opens locate Norton Unerase Protection (NProtectService) and double click it.  On the General Tab find the section titled Startup Type.  Drop that down and select Disabled.  Click OK.



You should only have one anti virus program installed at one time.

Check the avast log for the exact location and file name that was detected.

Open Windows Explorer and navigate to this folder

C:\program files\alwil software\avast4\data\logs

(easier to read there)

Click on the logs folder and then in the right hand panel right click the warning log and open it with notepad. Now you will be able to see the entire detection. Please post the path and file name.

ps: when those files are gone you will have freed up a fair bit of space.


edit to add; there is some of the combofix log missing, it ends with this entry

HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup


Could you please post anything else that was in the log?

There should be some lines starting with R1 or S1

« Last Edit: January 17, 2008, 03:28:10 AM by oldman »

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #63 on: January 17, 2008, 03:55:16 AM »
8/28/2007   9:03:43 PM   1188349423   Owner   1872   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file.  
8/28/2007   9:05:39 PM   1188349539   Owner   1872   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file.  
8/28/2007   9:06:20 PM   1188349580   Owner   1872   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\documents and settings\owner\ie_updater(2).exe\[FSG]" file.  
8/28/2007   9:06:20 PM   1188349580   Owner   1872   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\DOCUME~1\owner\IE_UPD~1.EXE\[FSG]" file.  
8/28/2007   9:16:06 PM   1188350166   Owner   1872   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\WINDOWS\SYSTEM32\MSNETAX.DLL" file.  
8/28/2007   10:01:36 PM   1188352896   Owner   2808   Sign of "Win32:Klez-H [Wrm]" has been found in "E:\Old\Removers\older\RMELKNT.EXE\[UPX]" file.  
8/28/2007   10:02:03 PM   1188352923   Owner   2808   Sign of "Win32:Klez-H [Wrm]" has been found in "E:\Old\Removers\rmelknt.exe\[UPX]" file.  
8/28/2007   10:03:13 PM   1188352993   Owner   2808   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file.  
8/28/2007   10:09:14 PM   1188353354   Owner   2808   Sign of "Win32:Agent-GQF [trj]" has been found in "C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J39180.8528649421.WCU" file.  
8/28/2007   10:10:31 PM   1188353431   Owner   2808   Sign of "Java:ClassLoader [trj]" has been found in "C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\3cd9d33a-6518c13b" file.  
8/28/2007   10:11:38 PM   1188353498   Owner   2808   Sign of "Java:ClassLoader [trj]" has been found in "C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-1afb441-704ed99b.zip" file.  
8/28/2007   10:12:06 PM   1188353526   Owner   2808   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\Documents and Settings\Owner\ie_updater(2).exe\[FSG]" file.  
8/28/2007   10:31:21 PM   1188354681   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine01052007-193828.xpy" file.  
8/28/2007   10:31:30 PM   1188354690   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine03072007-193521.xpy" file.  
8/28/2007   10:31:33 PM   1188354693   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine04082007-075739.xpy" file.  
8/28/2007   10:31:35 PM   1188354695   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine05052007-093851.xpy" file.  
8/28/2007   10:31:37 PM   1188354697   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine05062007-150032.xpy" file.  
8/28/2007   10:31:39 PM   1188354699   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine07052007-133517.xpy" file.  
8/28/2007   10:31:41 PM   1188354701   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine07062007-090622.xpy" file.  
8/28/2007   10:31:42 PM   1188354702   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine07072007-094055.xpy" file.  
8/28/2007   10:31:45 PM   1188354705   Owner   2808   Sign of "Win32:Surfside [Adw]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine08042007-203000.xpy" file.  
8/28/2007   10:31:47 PM   1188354707   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine08052007-073659.xpy" file.  
8/28/2007   10:31:49 PM   1188354709   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine09062007-105250.xpy" file.  
8/28/2007   10:31:52 PM   1188354712   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine10072007-090805.xpy" file.  
8/28/2007   10:31:54 PM   1188354714   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine11082007-092238.xpy" file.  
8/28/2007   10:31:56 PM   1188354716   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine12062007-091707.xpy" file.  
8/28/2007   10:32:00 PM   1188354720   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine14072007-094902.xpy" file.  
8/28/2007   10:32:01 PM   1188354721   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine15052007-153309.xpy" file.  
8/28/2007   10:32:03 PM   1188354723   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine17042007-072411.xpy" file.  
8/28/2007   10:32:05 PM   1188354725   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine19062007-101929.xpy" file.  




jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #64 on: January 17, 2008, 03:55:45 AM »
8/28/2007   10:32:06 PM   1188354726   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine19062007-141749.xpy" file. 
8/28/2007   10:32:08 PM   1188354728   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine20070811-094537.xpy" file. 
8/28/2007   10:32:10 PM   1188354730   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine21072007-111756.xpy" file. 
8/28/2007   10:32:11 PM   1188354731   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-151200.xpy" file. 
8/28/2007   10:32:13 PM   1188354733   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-152513.xpy" file. 
8/28/2007   10:32:14 PM   1188354734   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-152846.xpy" file. 
8/28/2007   10:32:15 PM   1188354735   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-152933.xpy" file. 
8/28/2007   10:32:17 PM   1188354737   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-152946.xpy" file. 
8/28/2007   10:32:18 PM   1188354738   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine22052007-153000.xpy" file. 
8/28/2007   10:32:21 PM   1188354741   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine24042007-073505.xpy" file. 
8/28/2007   10:32:22 PM   1188354742   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine24072007-085211.xpy" file. 
8/28/2007   10:32:24 PM   1188354744   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine26062007-103022.xpy" file. 
8/28/2007   10:32:26 PM   1188354746   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28042007-081807.xpy" file. 
8/28/2007   10:32:28 PM   1188354748   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-082422.xpy" file. 
8/28/2007   10:32:29 PM   1188354749   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-082509.xpy" file. 
8/28/2007   10:32:31 PM   1188354751   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-082950.xpy" file. 
8/28/2007   10:32:32 PM   1188354752   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-083030.xpy" file. 
8/28/2007   10:32:33 PM   1188354753   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-083439.xpy" file. 
8/28/2007   10:32:34 PM   1188354754   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28052007-221916.xpy" file. 
8/28/2007   10:32:36 PM   1188354756   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine28072007-103112.xpy" file. 
8/28/2007   10:32:37 PM   1188354757   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine29052007-151602.xpy" file. 
8/28/2007   10:32:38 PM   1188354758   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine30062007-083146.xpy" file. 
8/28/2007   10:32:40 PM   1188354760   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine31072007-092300.xpy" file. 
8/28/2007   10:39:23 PM   1188355163   Owner   2808   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP457\A0098990.exe\[FSG]" file. 
8/28/2007   10:45:01 PM   1188355501   Owner   2808   Sign of "Win32:Bancos-AJI [trj]" has been found in "C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20070415-230410-00.hdmp" file. 
8/28/2007   10:46:02 PM   1188355562   Owner   2808   Sign of "Win32:Small-DJF [trj]" has been found in "C:\WINDOWS\pchealth\ERRORREP\UserDumps\svchost.exe.20070415-230424-00.hdmp" file. 
8/28/2007   10:48:08 PM   1188355688   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\WINDOWS\system32\msnetax.dll" file. 
8/28/2007   11:27:16 PM   1188358036   Owner   1788   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #65 on: January 17, 2008, 03:56:19 AM »
8/30/2007   12:11:36 PM   1188490296   Owner   1784   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
8/31/2007   4:13:09 PM   1188591189   Owner   1784   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
8/31/2007   4:13:10 PM   1188591190   Owner   1784   An error has occured while attempting to update. Please check the logs. 
8/31/2007   7:43:06 PM   1188603786   SYSTEM   1772   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/3/2007   12:11:24 AM   1188792684   Owner   1796   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/4/2007   12:16:02 PM   1188922562   Owner   1796   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
9/4/2007   12:16:03 PM   1188922563   Owner   1796   An error has occured while attempting to update. Please check the logs. 
9/4/2007   4:22:07 PM   1188937327   Owner   1796   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
9/4/2007   4:22:08 PM   1188937328   Owner   1796   An error has occured while attempting to update. Please check the logs. 
9/4/2007   4:52:39 PM   1188939159   SYSTEM   1744   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/8/2007   12:00:34 PM   1189267234   SYSTEM   1768   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/10/2007   7:45:41 PM   1189467941   SYSTEM   1764   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/12/2007   10:09:51 AM   1189606191   SYSTEM   1748   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/14/2007   7:32:37 PM   1189812757   SYSTEM   1800   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/15/2007   5:47:02 PM   1189892822   Owner   1776   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/29/2007   1:09:45 AM   1191042585   Owner   1628   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
9/29/2007   10:24:26 AM   1191075866   SYSTEM   1800   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #66 on: January 17, 2008, 03:56:55 AM »
10/9/2007   11:48:00 AM   1191944880   SYSTEM   1800   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1467.nls" file. 
10/9/2007   3:15:53 PM   1191957353   Owner   1636   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
10/10/2007   3:12:44 AM   1192000364   Owner   1772   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
10/12/2007   11:59:37 PM   1192247977   Owner   1772   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file. 
10/23/2007   9:54:41 PM   1193190881   Owner   1772   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/23/2007   9:54:41 PM   1193190881   Owner   1772   An error has occured while attempting to update. Please check the logs. 
10/24/2007   3:35:49 AM   1193211349   SYSTEM   1764   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/24/2007   3:35:52 AM   1193211352   SYSTEM   1764   An error has occured while attempting to update. Please check the logs. 
10/24/2007   3:38:25 AM   1193211505   SYSTEM   1764   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
10/24/2007   9:06:40 AM   1193231200   SYSTEM   1760   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/24/2007   9:06:42 AM   1193231202   SYSTEM   1760   An error has occured while attempting to update. Please check the logs. 
10/24/2007   9:09:16 AM   1193231356   SYSTEM   1760   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
10/24/2007   1:07:22 PM   1193245642   SYSTEM   1760   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/24/2007   1:07:24 PM   1193245644   SYSTEM   1760   An error has occured while attempting to update. Please check the logs. 
10/24/2007   7:05:53 PM   1193267153   SYSTEM   1760   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/24/2007   7:05:54 PM   1193267154   SYSTEM   1760   An error has occured while attempting to update. Please check the logs. 
10/25/2007   9:47:47 AM   1193320067   SYSTEM   1760   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/25/2007   9:47:48 AM   1193320068   SYSTEM   1760   An error has occured while attempting to update. Please check the logs. 
10/25/2007   11:19:58 AM   1193325598   SYSTEM   1680   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/25/2007   11:19:58 AM   1193325598   SYSTEM   1680   An error has occured while attempting to update. Please check the logs. 
10/25/2007   11:22:39 AM   1193325759   SYSTEM   1680   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
10/25/2007   3:41:35 PM   1193341295   SYSTEM   1680   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/25/2007   3:41:35 PM   1193341295   SYSTEM   1680   An error has occured while attempting to update. Please check the logs. 
10/25/2007   9:26:50 PM   1193362010   SYSTEM   1748   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/25/2007   9:26:50 PM   1193362010   SYSTEM   1748   An error has occured while attempting to update. Please check the logs. 
10/25/2007   9:29:32 PM   1193362172   SYSTEM   1748   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
10/26/2007   9:06:42 AM   1193404002   SYSTEM   1748   Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 
10/26/2007   9:06:43 AM   1193404003   SYSTEM   1748   An error has occured while attempting to update. Please check the logs. 
10/29/2007   4:48:39 PM   1193690919   SYSTEM   1760   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #67 on: January 17, 2008, 03:57:23 AM »
11/5/2007   5:35:57 PM   1194302157   SYSTEM   1624   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/5/2007   8:46:27 PM   1194313587   Owner   1804   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/15/2007   3:47:33 AM   1195116453   Owner   1764   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/21/2007   3:26:55 PM   1195676815   Owner   1764   Sign of "Win32:Warezov-CVN [Wrm]" has been found in "Incoming email '*****SPAM***** Your Information.' From: sharon carter <sharon.carter@megaman.com>, To: mgalcorn@greatsmokyrentals.com\PartNo_1#84045556\access.exe#396025373" file. 
11/25/2007   4:08:41 PM   1196024921   SYSTEM   1772   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/30/2007   8:53:18 PM   1196473998   Owner   1740   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/30/2007   9:18:20 PM   1196475500   Owner   1752   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
11/30/2007   11:09:18 PM   1196482158   Owner   1776   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/2/2007   1:50:49 PM   1196621449   Owner   1756   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/3/2007   7:50:52 AM   1196686252   Owner   1756   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1467.nls" file. 
12/7/2007   11:23:23 AM   1197044603   SYSTEM   1756   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/7/2007   12:00:21 PM   1197046821   SYSTEM   1616   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/11/2007   9:21:54 AM   1197382914   Owner   1720   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/11/2007   9:26:21 AM   1197383181   Owner   1788   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/12/2007   11:35:49 AM   1197477349   SYSTEM   1732   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/13/2007   3:27:19 AM   1197534439   Owner   1792   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/13/2007   5:07:12 AM   1197540432   Owner   1792   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
12/13/2007   3:03:07 PM   1197576187   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #68 on: January 17, 2008, 03:58:14 AM »
1/1/2008   5:07:03 AM   1199182023   Owner   1644   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/2/2008   5:07:18 AM   1199268438   Owner   1652   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/3/2008   10:29:21 PM   1199417361   Owner   1804   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   11:29:46 AM   1199464186   Owner   1828   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   4:04:01 PM   1199480641   Owner   1812   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   7:44:42 PM   1199493882   Owner   1812   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   8:22:50 PM   1199496170   Owner   1800   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   8:28:01 PM   1199496481   Owner   1800   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/4/2008   10:18:17 PM   1199503097   Owner   1812   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/5/2008   5:07:01 AM   1199527621   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/9/2008   8:11:28 AM   1199884288   Owner   1552   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/9/2008   8:54:46 AM   1199886886   Owner   1796   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/9/2008   10:03:39 PM   1199934219   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #69 on: January 17, 2008, 03:58:35 AM »
1/10/2008   5:07:08 AM   1199959628   Owner   1792   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/11/2008   9:54:24 AM   1200063264   Owner   1604   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   5:57:50 PM   1200351470   Owner   1820   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   6:07:02 PM   1200352022   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   6:20:33 PM   1200352833   Owner   1808   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   6:30:42 PM   1200353442   Owner   1812   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   6:38:46 PM   1200353926   Owner   1748   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/1/2002   12:19:54 AM   1009862394   Owner   1800   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/1/2002   12:39:42 AM   1009863582   Owner   1784   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/1/2002   12:56:19 AM   1009864579   Owner   1828   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   8:20:09 PM   1200360009   Owner   1868   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   8:54:11 PM   1200362051   Owner   1836   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   11:01:05 PM   1200369665   Owner   1828   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   11:43:52 PM   1200372232   Owner   1728   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/14/2008   11:54:13 PM   1200372853   Owner   1784   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   10:23:44 AM   1200497024   Owner   1776   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   1:47:07 PM   1200509227   Owner   1856   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   4:57:13 PM   1200520633   Owner   1748   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   5:33:05 PM   1200522785   Owner   1696   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/16/2008   5:37:17 PM   1200523037   Owner   1820   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
2008-01-17   17:40   1200609617   Owner   1820   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1467.nls" file. 
1/17/2008   5:44:17 PM   1200609857   Owner   1820   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1334.nls" file. 
1/17/2008   6:09:06 PM   1200611346   Owner   1880   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/17/2008   8:37:37 PM   1200620257   Owner   1888   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/17/2008   8:45:36 PM   1200620736   Owner   1840   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
1/17/2008   9:50:19 PM   1200624619   Owner   1888   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file. 
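
The log posted in replies #63 to #69 can be triaged mechanically. The following is an added example, not part of any post in this thread: it parses lines in that layout, separates detections of live files from copies held in another scanner's quarantine or in System Restore, lists live files detected on more than one day, and reports where the logged epoch time runs backwards (as with the 1/1/2002 entries). Reading the third column as Unix epoch seconds and the category names are assumptions; the sample lines are copied from the thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Lines copied from the log posted in this thread (a subset, not the full log).
SAMPLE_LOG = r'''
8/28/2007   9:03:43 PM   1188349423   Owner   1872   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file.
8/28/2007   10:31:21 PM   1188354681   Owner   2808   Sign of "Win32:Agent-ERY [trj]" has been found in "C:\Program Files\XoftSpySE\Quarantine\Quarantine01052007-193828.xpy" file.
8/28/2007   10:39:23 PM   1188355163   Owner   2808   Sign of "Win32:Murlo-AU [trj]" has been found in "C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP457\A0098990.exe\[FSG]" file.
8/31/2007   4:13:09 PM   1188591189   Owner   1784   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
9/4/2007   4:52:39 PM   1188939159   SYSTEM   1744   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\cp1041.nls" file.
1/14/2008   6:38:46 PM   1200353926   Owner   1748   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file.
1/1/2002   12:19:54 AM   1009862394   Owner   1800   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file.
1/14/2008   8:20:09 PM   1200360009   Owner   1868   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\cp1041.nls" file.
'''

# Layout assumed from the posted lines: local date/time, epoch seconds, user,
# a numeric id (its meaning is not stated in the thread), then the message.
RECORD_RE = re.compile(
    r'^(?P<stamp>.*?)\s+(?P<epoch>\d{9,10})\s+(?P<user>\S+)\s+(?P<num>\d+)\s+(?P<msg>.*\S)\s*$')
SIGN_RE = re.compile(r'^Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>.*)" file\.$')


@dataclass
class Record:
    epoch: int
    user: str
    message: str
    signature: Optional[str] = None   # None for non-detection lines (e.g. update errors)
    path: Optional[str] = None
    category: Optional[str] = None


def classify(path: str) -> str:
    """Triage heuristic (an assumption of this example, not an avast feature)."""
    p = path.lower()
    if p.startswith("incoming email"):
        return "mail"            # caught by the mail scanner
    if "\\quarantine\\" in p:
        return "quarantine"      # copy stored by another scanner
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # copy kept by System Restore
    return "live"                # ordinary file on disk


def parse_log(text: str) -> list:
    """Return one Record per well-formed line, in file order."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue  # blank or malformed line
        rec = Record(int(m["epoch"]), m["user"], m["msg"])
        d = SIGN_RE.match(rec.message)
        if d:
            rec.signature, rec.path = d["sig"], d["path"]
            rec.category = classify(rec.path)
        records.append(rec)
    return records


def recurring_live(records, min_days: int = 2) -> dict:
    """Map lower-cased path -> (hits, distinct UTC days) for live files that
    were detected on at least min_days different days."""
    seen = defaultdict(lambda: {"hits": 0, "days": set()})
    for r in records:
        if r.category == "live":
            entry = seen[r.path.lower()]
            entry["hits"] += 1
            entry["days"].add(datetime.fromtimestamp(r.epoch, tz=timezone.utc).date())
    return {p: (e["hits"], len(e["days"]))
            for p, e in seen.items() if len(e["days"]) >= min_days}


def clock_regressions(records) -> list:
    """Pairs (previous_epoch, epoch) where time goes backwards between
    consecutive lines, which means the system clock was changed or reset."""
    return [(prev.epoch, cur.epoch)
            for prev, cur in zip(records, records[1:])
            if cur.epoch < prev.epoch]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for path, (hits, days) in recurring_live(recs).items():
        print(f"recurring: {path} detected {hits}x on {days} different days")
    for prev, cur in clock_regressions(recs):
        when = datetime.fromtimestamp(cur, tz=timezone.utc)
        print(f"clock went backwards: {prev} -> {cur} ({when:%Y-%m-%d})")
```
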

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #70 on: January 17, 2008, 04:00:44 AM »
Is this what you are talking about for the combofix log?

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 21:31]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2001-08-10 06:00]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{283b87f1-92d3-11da-9815-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb7fa335-3a79-11d7-93b8-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 22:37:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 17:42:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #71 on: January 17, 2008, 04:06:17 AM »
OK....I went in to the add/remove programs and deleted the Norton Antivirus.  It's gone. I had to restart the computer and I went to the run services.msc and there is no nprotectservice or norton at all.  I have disabled the AVG Antivirus - should I go in and add/remove it too?
I have posted the Avast log - do I need to delete the log? or just leave it?
I am also going to post the combofix from the Kodak part to the part I just posted. 

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #72 on: January 17, 2008, 04:06:41 AM »
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-09-14 14:38 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-25 22:30 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-12-08 20:57 550912 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2006-10-30 15:27 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 23:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 20:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 19:52 50736 C:\Program Files\Common Files\AOL\1138765954\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2007-05-06 15:20 208946 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 19:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 11:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 11:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 16:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-31 22:53 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a------ 2005-08-27 08:09 139264 C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-14 14:38 14820864 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 09:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stewie Griffin Communicator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-21 23:13 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer]
--a------ 2002-08-15 03:07 428544 C:\Program Files\Washer\washer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 12:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

Offline oldman

Re: Please help Avast found this trojan file cp1041.nls
« Reply #73 on: January 17, 2008, 04:19:01 AM »
Yes, that's the part of the CF log I was looking for. Thanks.

This file has been detected for quite some time, going back to November.

I don't see that file in the logs.

Let's clean up your leftover Norton, get you down to one AV and look again.  ;D We have other scanners that we can use.

What version of Norton did you have? I should be able to find a removal tool for it. Your ComboFix log is full of Norton leftovers.

So carry on with disabling the Norton service. I don't think the tool will work very well with it running.

Just saw your new posts as I was posting this.

Yes, uninstall AVG please. You can leave the Avast log, it may come in handy for reference.
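
The two checks described in the reply above (searching the log for a file name, and spotting Norton leftovers) can be scripted. This is an added example, not part of any post and not ComboFix's own code; it assumes the entry layout visible in the excerpt from reply #72, the sample is constructed from four of its entries, and `parse_entries` and `triage` are hypothetical names.

```python
import re

# Constructed sample: four entries copied in the layout of the posted excerpt.
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE
"""

# File line as it appears in the excerpt: attribute flags, date, time, size, full path.
FILE_LINE = re.compile(r"^(?P<attrs>[-a-z]{9})\s+(?P<date>\d{4}-\d{2}-\d{2})\s+"
                       r"(?P<time>\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<path>.+)$")

def parse_entries(text):
    """Split the log into entries: one bracketed key plus the lines under it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = {"key": line[1:-1], "files": [], "other": []}
            entries.append(current)
        elif line and current is not None:
            m = FILE_LINE.match(line)
            if m:
                current["files"].append(m.groupdict())
            else:
                current["other"].append(line)  # path=, backup=, or a bare path
    return entries

def triage(text, needle):
    """Return (entry names mentioning needle, entry names with nothing listed under them)."""
    hits, empty = [], []
    for e in parse_entries(text):
        blob = " ".join([e["key"]] + e["other"] + [f["path"] for f in e["files"]])
        name = e["key"].replace("^", "\\").rsplit("\\", 1)[-1]
        if needle.lower() in blob.lower():
            hits.append(name)
        if not e["files"] and not e["other"]:
            empty.append(name)
    return hits, empty
```

Calling `triage(log_text, "cp1041.nls")` on a full log answers the "is that file in the log" question directly, and the second list points at startup entries for which the log prints no file line.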

jbalcorn

  • Guest
Re: Please help Avast found this trojan file cp1041.nls
« Reply #74 on: January 17, 2008, 04:36:09 AM »
OK I went to add/remove and got rid of the AVG antivirus software but left the rootkit by AVG and restarted my computer.  Of course when I restarted the computer the virus warning came up again and I moved it to the chest.