
Author Topic: I would REALLY love someones help :)! (A Trojan problem)  (Read 10943 times)


007will

    Topic Starter


    Beginner

    I would REALLY love someones help :)! (A Trojan problem)
    « on: December 29, 2008, 11:20:06 AM »
    I have a sort of Trojan.... a win32 thingy or something. Anyway I have tried getting rid of it but I just can't seem to. When I try and download any of the programs you suggest in here for getting rid of things it won't let me access the website, or if it does then it won't download. So I can't get any spyware things or anything. Does anyone have any ideas?

    Thanks for any help you can give me!

    Will

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Re: I would REALLY love someones help :)! (A Trojan problem)
    « Reply #1 on: December 29, 2008, 02:39:30 PM »
    Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
    • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    • Then search for TDSSserv.sys
    • Let me know if you find this or not.
    • If you do find it, right click on it, and select “Disable”. Do not try to uninstall it.
    • Also if this is found and you disable it.
    • Now reboot and see if you can run the other scans that would not run.

    007will


      Re: I would REALLY love someones help :)! (A Trojan problem)
      « Reply #2 on: December 30, 2008, 10:58:17 AM »
      Hi there

      Thanks for the reply!

      I think ur a genius

      I did find TDSSserv.sys

      and i selected “Disable”.

      What should i do now?

      Thanks for ur help in advance

      evilfantasy

      Re: I would REALLY love someones help :)! (A Trojan problem)
      « Reply #3 on: December 30, 2008, 03:02:37 PM »
      Work through this thread: http://www.computerhope.com/forum/index.php/topic,46313.0.html

      Post the 3 logs when complete.

      007will


        Re: I would REALLY love someones help :)! (A Trojan problem)
        « Reply #4 on: January 01, 2009, 09:45:07 AM »
        Okay so i have done the next steps.... and have got the 3 post.
        This is post 1... from super antispyware
        I have had to attach it... hope thats okay :)

        [attachment deleted by admin]

        007will


          Re: I would REALLY love someones help :)! (A Trojan problem)
          « Reply #5 on: January 01, 2009, 09:48:29 AM »
          This is number 2.... from Malwarebytes' Anti-Malware

          Again its attached.


          [attachment deleted by admin]

          007will


            Re: I would REALLY love someones help :)! (A Trojan problem)
            « Reply #6 on: January 01, 2009, 09:49:19 AM »
            And finally this is number 3... from HJT

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 16:33:14, on 01/01/2009
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16762)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\WINDOWS\stsystra.exe
            C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
            C:\Program Files\Real\RealPlayer\RealPlay.exe
            C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
            C:\WINDOWS\System32\DLA\DLACTRLW.EXE
            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
            C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
            C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
            C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
            C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
            C:\Program Files\Winamp\winampa.exe
            C:\Program Files\Zune\ZuneLauncher.exe
            C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Dell Network Assistant\hnm_svc.exe
            C:\Program Files\Dell Support\DSAgnt.exe
            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\Kontiki\KHost.exe
            C:\Program Files\AOL 9.0\aoltray.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
            C:\Program Files\Logitech\SetPoint\KEM.exe
            C:\Program Files\Windows Desktop Search\WindowsSearch.exe
            C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
            C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
            C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
            C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
            C:\WINDOWS\system32\svchost.exe
            c:\WINDOWS\system32\ZuneBusEnum.exe
            C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
            C:\Program Files\Microsoft Windows OneCare Live\winss.exe
            C:\WINDOWS\system32\SearchIndexer.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\Program Files\Kontiki\KService.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Zune\Zune.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\system32\msiexec.exe
            C:\Program Files\Java\jre6\bin\jusched.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\WINDOWS\system32\SearchProtocolHost.exe
            C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6060920
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6060920
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6060920
            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
            O2 - BHO: (no name) - {57E394F8-7A33-4761-B5AB-3FD065BBA788} - C:\WINDOWS\system32\pmnkLecc.dll (file missing)
            O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
            O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
            O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
            O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
            O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
            O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
            O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
            O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
            O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
            O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
            O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
            O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
            O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
            O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
            O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
            O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
            O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
            O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
            O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
            O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
            O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
            O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
            O4 - Global Startup: Dell Network Assistant.lnk = ?
            O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
            O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
            O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ef33e663c6294f39a663bec59006f5a9
            O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ef33e663c6294f39a663bec59006f5a9
            O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
            O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
            O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
            O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
            O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159216988941
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
            O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
            O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O20 - Winlogon Notify: efcYQjHA - efcYQjHA.dll (file missing)
            O20 - Winlogon Notify: f739a6511 - C:\WINDOWS\System32\davclnt32.dll (file missing)
            O20 - Winlogon Notify: khfFULEV - khfFULEV.dll (file missing)
            O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
            O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
            O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
            O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Will\Local Settings\Temp\{A069857B-A614-4598-9495-B0029E79B748}\NMSAccessU.exe (file missing)
            O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
            O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

            --
            End of file - 14783 bytes

            evilfantasy

            Re: I would REALLY love someones help :)! (A Trojan problem)
            « Reply #7 on: January 01, 2009, 03:08:48 PM »
            Open HijackThis and select Do a system scan only.

            Place a check mark next to the following entries: (if there)

            - O2 - BHO: (no name) - {57E394F8-7A33-4761-B5AB-3FD065BBA788} - C:\WINDOWS\system32\pmnkLecc.dll (file missing)
            - O20 - Winlogon Notify: efcYQjHA - efcYQjHA.dll (file missing)
            - O20 - Winlogon Notify: f739a6511 - C:\WINDOWS\System32\davclnt32.dll (file missing)
            - O20 - Winlogon Notify: khfFULEV - khfFULEV.dll (file missing)


            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.

            ----------

            Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

            Link #1
            Link #2

            **Note:  It is important that it is saved directly to your Desktop

            Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
             
            Double click combofix.exe & follow the prompts.

            For Windows XP Systems install the Recovery Console:

            - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
            - If for some reason your Internet is not working click No.
            - If you are not using Windows XP, you will not be prompted.
            - When prompted to accept the EULA click OK.
            - Accept Microsoft's EULA (Click Yes).
            - When you are told that the RC is installed correctly click YES to continue scanning for malware.

            When finished ComboFix will produce a log for you.
            Post the ComboFix log in your next reply.

            Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
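
Added example, not part of the original thread and not code from HijackThis: a small Python parser for the HijackThis log format posted in Reply #6 that lists the O2 (BHO) and O20 (Winlogon Notify) entries marked "(file missing)", the kind of orphaned load points checked for fixing in Reply #7. The function names, the default section set and the per-section field counts are assumptions of this example; the sample lines are excerpted from the log posted above.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Sequence

# Suffix HijackThis appends when it could not find the referenced file on disk.
MISSING = "(file missing)"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumed number of " - " separated fields after "Kind: " (inferred from the
# log lines in this thread), so a " - " inside a path does not split the target.
FIELDS = {"O2": 3, "O9": 3, "O20": 2, "O23": 3}

# Excerpt of the log posted in Reply #6 (headers and process lines included
# on purpose, to show that non-entry lines are skipped).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {57E394F8-7A33-4761-B5AB-3FD065BBA788} - C:\WINDOWS\system32\pmnkLecc.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcYQjHA - efcYQjHA.dll (file missing)
O20 - Winlogon Notify: f739a6511 - C:\WINDOWS\System32\davclnt32.dll (file missing)
O20 - Winlogon Notify: khfFULEV - khfFULEV.dll (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Will\Local Settings\Temp\{A069857B-A614-4598-9495-B0029E79B748}\NMSAccessU.exe (file missing)
"""


class Entry(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2", "O20"
    kind: str      # text before the first ": ", e.g. "Winlogon Notify"
    name: str      # entry name, "" when the line has no separate name field
    target: str    # file (or registry data) the entry points at
    missing: bool  # True when the line ended with "(file missing)"
    raw: str       # the original line, for matching against the HijackThis UI


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    raw = line.strip()
    m = LINE_RE.match(raw)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    kind, sep, rest = body.partition(": ")
    if not sep:  # R0/R1 style lines: "key,value = data", no "Kind: " prefix
        return Entry(section, "", "", body, missing, raw)
    n = FIELDS.get(section)
    fields = rest.split(" - ", n - 1) if n else rest.split(" - ")
    name = fields[0] if len(fields) > 1 else ""
    return Entry(section, kind, name, fields[-1], missing, raw)


def orphaned_load_points(log_text: str,
                         sections: Sequence[str] = ("O2", "O20")) -> List[Entry]:
    """Entries in the given sections whose file HijackThis could not find.

    The default covers DLLs loaded into Internet Explorer (O2) and into
    winlogon.exe (O20). The result is a candidate list for review, not a verdict.
    """
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry.missing and entry.section in sections:
            hits.append(entry)
    return hits


def missing_by_section(log_text: str) -> Dict[str, int]:
    """Count "(file missing)" entries per section, for a quick overview."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return dict(Counter(e.section for e in entries if e and e.missing))


if __name__ == "__main__":
    print("file-missing entries per section:", missing_by_section(SAMPLE_LOG))
    for e in orphaned_load_points(SAMPLE_LOG):
        print(e.raw)
```

On the excerpt, the default section set returns the four lines listed in Reply #7, while the per-section count also shows the orphaned O9 and O23 entries that the default leaves out.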

            007will


              Re: I would REALLY love someones help :)! (A Trojan problem)
              « Reply #8 on: January 03, 2009, 05:09:20 AM »
              Great thanks for everything so far!

              Nxt log is attached below....



              [attachment deleted by admin]

              evilfantasy

              Re: I would REALLY love someones help :)! (A Trojan problem)
              « Reply #9 on: January 03, 2009, 11:29:51 AM »
              Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code:
              KillAll::

              Driver::
              -------\Legacy_PACKET
              -------\Legacy_TDSSSERV.SYS
              -------\Service_Packet
              -------\Service_TDSSserv.sys

              Folder::
              c:\temp\REX81

              File::
              c:\windows\system32\1F.tmp
              c:\windows\system32\vbzip10.dll
              c:\docume~1\Will\LOCALS~1\Temp\pfsvgae.sys
              c:\windows\Tasks\czjpgzpf.job

              Registry::
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "MSMSGS"=-

              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

              007will


                Re: I would REALLY love someones help :)! (A Trojan problem)
                « Reply #10 on: January 04, 2009, 07:08:26 AM »
                Rite... done all of that... next log is attached.

                [attachment deleted by admin]

                evilfantasy

                Re: I would REALLY love someones help :)! (A Trojan problem)
                « Reply #11 on: January 04, 2009, 11:47:00 AM »
                Download the OTMoveIt3 by OldTimer

                Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

                * Save it to your Desktop.
                * Double-click OTMoveIt3.exe to run it.
                * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

                Code:
                :Processes
                explorer.exe

                :services

                :reg

                :files
                c:\docume~1\Will\LOCALS~1\Temp\pfsvgae.sys

                :Commands
                [purity]
                [emptytemp]
                [start explorer]
                [Reboot]

                * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
                * Click the red Moveit! button.
                * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
                Close OTMoveIt3

                Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

                007will


                  Re: I would REALLY love someones help :)! (A Trojan problem)
                  « Reply #12 on: January 05, 2009, 10:42:34 AM »
                  Rite here is the results window...

                  ========== PROCESSES ==========
                  Process explorer.exe killed successfully.
                  ========== SERVICES/DRIVERS ==========
                  ========== REGISTRY ==========
                  ========== FILES ==========
                  File/Folder c:\docume~1\Will\LOCALS~1\Temp\pfsvgae.sys not found.
                  ========== COMMANDS ==========
                  User's Temp folder emptied.
                  User's Temporary Internet Files folder emptied.
                  User's Internet Explorer cache folder emptied.
                  Local Service Temp folder emptied.
                  File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
                  Local Service Temporary Internet Files folder emptied.
                  File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a3c.dat scheduled to be deleted on reboot.
                  File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a48.dat scheduled to be deleted on reboot.
                  File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a98.dat scheduled to be deleted on reboot.
                  File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e44.dat scheduled to be deleted on reboot.
                  Windows Temp folder emptied.
                  Java cache emptied.
                  FireFox cache emptied.
                  Temp folders emptied.
                  Explorer started successfully
                   
                  OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01052009_172925

                  Files moved on Reboot...
                  File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
                  File C:\WINDOWS\temp\Perflib_Perfdata_a3c.dat not found!
                  File C:\WINDOWS\temp\Perflib_Perfdata_a48.dat not found!
                  File C:\WINDOWS\temp\Perflib_Perfdata_a98.dat not found!
                  C:\WINDOWS\temp\Perflib_Perfdata_e44.dat moved successfully.

                  evilfantasy

                  Re: I would REALLY love someones help :)! (A Trojan problem)
                  « Reply #13 on: January 05, 2009, 11:11:07 AM »
                  Go to Start > Run and copy then paste the below file path into the window then click OK.

                  c:\docume~1\Will\LOCALS~1\Temp

                  See if the file pfsvgae.sys is there and delete it if found.

                  ---------

                  • Click START then RUN
                  • Now type Combofix /u in the runbox
                  • Make sure there's a space between Combofix and /u
                  • Then hit Enter.
                  • The above procedure will:
                    • Delete the following:
                      • ComboFix and its associated files and folders.
                    • Reset the clock settings.
                    • Hide file extensions, if required.
                    • Hide System/Hidden files, if required.
                    • Set a new, clean Restore Point.
                  ----------

                  Download ATF Cleaner by Atribune to your Desktop.

                  Alternate download link

                  Note: Vista users must use Run As Administrator
                  • Under Main: Select Files to Delete choose: Select All.
                  • Click the Empty Selected button.
                  • If you use Firefox browser click Firefox at the top and choose: Select All
                  • Click the Empty Selected button.
                    If you would like to keep your saved passwords click No at the prompt.
                  • If you use Opera browser click Opera at the top and choose: Select All
                  • Click the Empty Selected button.
                    If you would like to keep your saved passwords click No at the prompt.
                  • Click Exit on the Main menu to close the program.
                  Note that your system will run slower for a reboot or two after having used this tool so don't panic.

                  ----------

                  1. Double click OTMoveIt3.exe to launch it.
                  If using Vista, right-click OTMoveIt and choose Run As Administrator.
                  2. Click on the CleanUp! button.
                  3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
                  4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                  • When finished, exit out of OTMoveIt3.
                  ----------

                  How is the computer running now?

                  007will


                    Re: I would REALLY love someones help :)! (A Trojan problem)
                    « Reply #14 on: January 05, 2009, 01:36:17 PM »
                    Yeah, everything looks okay at the moment... except, well, the only thing at the moment that I can see is that all of the pictures and logos and stuff, images I guess, well, they don't show unless you right-click them and click Show Picture. That's the only thing I can see.

                    evilfantasy

                    Re: I would REALLY love someones help :)! (A Trojan problem)
                    « Reply #15 on: January 05, 2009, 01:56:09 PM »
                    Reset Settings in Internet Explorer 7

                    Follow these steps to use the Reset Internet Explorer Settings feature from Internet Explorer 7:

                       1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
                       2. On the Advanced tab, click Reset.
                       3. In the Reset Internet Explorer Settings dialog box, click Reset.
                       4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
                       5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

                    How is it now?

                    007will


                      Re: I would REALLY love someones help :)! (A Trojan problem)
                      « Reply #16 on: January 05, 2009, 02:02:16 PM »
                      Yep, that worked! Cheers! Everything else seems fine! Thanks for your help. If I have any more problems I will come back to you!

                      Thanks for all your hard work!

                      evilfantasy

                      Re: I would REALLY love someones help :)! (A Trojan problem)
                      « Reply #17 on: January 05, 2009, 02:04:07 PM »
                      Glad it worked.

                      A few more tips to look at.

                      Use the Secunia Software Inspector to check for out of date software.
                      • Click Start Now
                      • Check the box next to Enable thorough system inspection.
                      • Click Start
                      • Allow the scan to finish and scroll down to see if any updates are needed.
                      • Update anything listed.
                      ----------

                      Go to Microsoft Windows Update and get all critical updates.

                      ----------

                      Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

                      Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

                      To prevent unknown applications from being installed on your computer, install WinPatrol 2008
                      * Using WinPatrol to protect your computer from malicious software

                      I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                      SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                      * Using SpywareBlaster to protect your computer from Spyware and Malware
                      * If you don't know what ActiveX controls are, see here

                      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                      Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.