Answer» ComboFix 10-04-17.07 - Patrick 04/24/2010 21:38:20.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.598 [GMT -4:00] Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Patrick\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FILE :: "c:\documents and settings\Patrick\udpcrawl.tmp" "c:\windows\system32\corpol.dll" .
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 ))))))))))))))))))))))))))))))) .
2010-04-22 12:39 . 2010-04-22 12:39 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-04-22 12:38 . 2010-04-22 12:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-04-11 23:14 . 2010-04-11 23:14 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com 2010-04-11 23:13 . 2010-04-11 23:13 -------- d-----w- c:\program files\Collectorz.com 2010-04-11 21:11 . 2010-04-11 21:12 -------- d-----w- c:\documents and settings\Patrick\Application Data\Disk Explorer Professional 3 2010-04-11 20:46 . 2010-04-11 20:46 -------- d-----w- c:\documents and settings\Patrick\.JavaHelp 2010-04-11 20:39 . 2010-04-11 20:50 -------- d-----w- c:\documents and settings\Patrick\.jajuk 2010-04-11 20:37 . 2010-04-11 20:50 -------- d-----w- c:\program files\Jajuk 2010-04-11 20:08 . 2010-04-11 20:24 -------- d-----w- c:\program files\Media Catalog Studio 2010-04-11 19:59 . 2010-04-11 19:59 -------- d-----w- c:\documents and settings\Patrick\Application Data\Pmcc 2010-04-11 11:47 . 2010-04-11 11:47 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2010-04-11 11:47 . 2010-04-11 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-04-09 20:47 . 2010-04-09 20:47 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2010-04-06 15:33 . 2010-04-06 15:33 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe 2010-04-06 15:33 . 2010-04-06 15:33 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe 2010-04-06 15:33 . 2010-04-06 15:33 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll 2010-04-06 15:33 . 
2010-04-06 15:33 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe 2010-04-06 15:33 . 2010-04-06 15:33 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll 2010-04-06 15:33 . 2010-04-06 15:33 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll 2010-04-06 15:33 . 2010-04-06 15:33 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll 2010-04-06 15:33 . 2010-04-06 15:33 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll 2010-04-06 15:33 . 2010-04-06 15:33 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll 2010-04-06 15:33 . 2010-04-06 15:33 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll 2010-04-06 15:33 . 2010-04-06 15:33 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll 2010-04-06 15:33 . 2010-04-06 15:33 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe 2010-04-06 15:32 . 2010-04-06 15:32 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll 2010-04-06 15:32 . 2010-04-06 15:32 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe 2010-04-06 15:32 . 2010-04-06 15:32 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe 2010-04-04 20:54 . 2010-04-04 20:54 -------- d-----w- C:\desktopclean 2010-04-04 17:05 . 2010-04-04 17:05 -------- d-----w- c:\documents and settings\Anna\Application Data\PCToolsFirewallPlus 2010-04-03 23:12 . 2010-04-03 23:12 -------- d-----w- C:\$AVG 2010-04-03 22:59 . 2010-04-03 22:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-04-03 22:59 . 
2010-04-22 12:39 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-03 22:59 . 2010-04-03 22:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-04-03 22:59 . 2010-04-03 22:59 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-04-03 22:59 . 2010-04-24 22:26 -------- d-----w- c:\windows\system32\drivers\Avg 2010-04-03 22:57 . 2010-04-03 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-04-03 22:27 . 2010-04-03 22:40 52224 ----a-w- c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-04-03 22:26 . 2010-04-03 22:43 117760 ----a-w- c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-04-03 22:24 . 2010-04-03 22:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-03-27 22:54 . 2010-03-27 22:55 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-03-27 22:53 . 2010-03-27 22:55 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-03-27 20:31 . 2010-03-27 20:31 -------- d-----w- c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus 2010-03-27 20:29 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-03-27 20:29 . 2009-11-09 15:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-03-27 20:29 . 2010-01-07 16:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-03-27 20:29 . 2010-03-27 20:29 -------- d-----w- c:\program files\Common Files\PC Tools 2010-03-27 20:29 . 2010-01-12 13:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2010-03-27 20:29 . 2010-01-07 15:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys 2010-03-27 20:29 . 
2010-01-07 15:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys 2010-03-27 20:29 . 2010-01-13 12:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys 2010-03-27 20:29 . 2010-03-27 20:32 -------- d-----w- c:\program files\PC Tools Firewall Plus 2010-03-27 03:14 . 2010-03-27 19:28 -------- d-----w- c:\program files\a-squared Free 2010-03-26 19:54 . 2010-03-26 19:55 -------- d-----w- c:\program files\DVD Shrink
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-25 02:01 . 2006-12-20 16:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-18 12:57 . 2008-10-18 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2010-04-09 20:44 . 2008-11-27 19:41 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-04-04 17:56 . 2007-07-20 22:26 -------- d-----w- c:\documents and settings\Patrick\Application Data\LimeWire 2010-04-03 22:39 . 2006-12-20 16:24 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-04-03 22:25 . 2008-11-27 19:41 -------- d-----w- c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com 2010-03-27 22:57 . 2010-03-27 20:29 120 ----a-w- c:\documents and settings\Administrator\udpcrawl.tmp 2010-03-27 20:37 . 2009-10-23 13:57 -------- d-----w- c:\program files\Panda Security 2010-03-27 18:12 . 2006-12-20 16:26 -------- d-----w- c:\program files\Trend Micro 2010-03-26 21:05 . 2006-12-29 20:10 -------- d-----w- c:\program files\Civil Series 2004 2010-03-21 14:45 . 2006-12-20 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2010-03-21 00:00 . 2008-08-09 11:39 -------- d-----w- c:\program files\Security Task Manager 2010-03-20 20:33 . 2010-03-20 20:33 -------- d-----w- c:\program files\AVG 2010-03-20 13:53 . 2009-01-19 20:09 -------- d-----w- c:\program files\Postal2STP 2010-03-19 20:42 . 2010-01-17 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2010-03-19 18:29 . 2010-03-19 18:29 -------- d-----w- c:\documents and settings\Patrick\Application Data\Uniblue 2010-03-19 14:14 . 2010-01-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-18 02:50 . 2010-03-18 02:50 -------- d-----w- c:\documents and settings\Patrick\Application Data\Intermedia Software 2010-03-18 01:18 . 
2010-03-18 01:18 -------- d-----w- c:\documents and settings\Patrick\Application Data\Digital Media Solutions 2010-03-14 04:01 . 2010-01-20 04:43 42 ----a-w- c:\documents and settings\Anna\Application Data\MTC-savedinstructor.dat 2010-03-14 03:17 . 2010-03-14 03:17 38 ----a-w- c:\documents and settings\Anna\Application Data\MTC-savedfolder.dat 2010-03-13 19:24 . 2010-03-13 19:24 54 ----a-w- c:\documents and settings\Patrick\Application Data\MTC-savedfolder.dat 2010-03-11 12:38 . 2004-08-11 23:00 832512 ------w- c:\windows\system32\wininet.dll 2010-03-11 12:38 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:38 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 2004-08-11 23:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-24 13:11 . 2004-08-11 23:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-23 16:51 . 2010-02-02 04:38 3247296 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-02-16 14:08 . 2004-08-11 23:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2004-08-04 04:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:33 . 2004-08-11 23:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-11 23:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-01-22 22:12 . 2006-12-24 19:58 88 --sh--r- c:\windows\system32\A97C080420.sys 2010-01-22 22:12 . 2006-12-24 19:58 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys 1997-06-23 17:06 . 1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll .
((((((((((((((((((((((((((((( [email protected]_19.18.27 ))))))))))))))))))))))))))))))))))))))))) . + 2010-04-25 01:43 . 2010-04-25 01:43 16384 c:\windows\temp\Perflib_Perfdata_204.dat + 2010-04-25 01:43 . 2010-04-25 01:43 16384 c:\windows\temp\Perflib_Perfdata_198.dat + 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll + 2004-08-11 23:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll + 2010-04-11 23:21 . 2010-04-11 23:21 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\d5f6c4ddc906680d085f6e6a76246b19\TVM.ni.dll + 2010-04-11 23:21 . 2010-04-11 23:21 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\4108fbcfcb9c25c35a98fa51aa4a45b4\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll + 2004-08-11 23:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll + 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll + 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll - 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll + 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys + 2008-11-12 22:36 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys + 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll + 2010-03-18 01:18 . 2003-08-26 20:03 757760 c:\windows\system32\CDDBUI.dll + 2010-03-18 01:18 . 2003-08-26 20:01 630784 c:\windows\system32\CDDBControl.dll + 2008-11-12 22:36 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys + 2010-04-11 23:21 . 2010-04-11 23:21 656384 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\a1d5c654e44f6641673fc184784bd694\Intuit.Ctg.Wte.Service.Interface.ni.dll + 2008-10-16 02:50 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe + 2008-10-16 02:50 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe + 2008-10-16 02:50 . 
2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-10-16 02:50 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-10-16 02:50 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-10-16 02:50 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-10-16 02:50 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-10-16 02:50 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2010-04-11 23:21 . 2010-04-11 23:21 4153344 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\90187d61a7bc5ba56307c85d2d93c418\ttax.ni.dll + 2010-04-11 23:21 . 2010-04-11 23:21 1323520 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\99639ace6996426854e3ce6cd8b1ffcb\Intuit.Ctg.Map.ni.dll + 2007-12-25 12:23 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit DEFAULT entries are not shown REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2007-12-10 18:46 1510424 ----a-w- c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-09 2010864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 430080] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "HostManager"="c:\program files\Common Files\AOL\1172251831\ee\AOLSoftware.exe" [2006-09-26 50736] "DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 98304] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "NoActiveDesktopChanges"="00000000" [X] "NoActiveDesktop"="0 (0x0)" [X] "NoSaveSettings"="0 (0x0)" [X] "ClassicShell"="0 (0x0)" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-04-03 22:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-04-03 22:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 SPTD;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 6:59 PM 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 6:59 PM 242896] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/27/2010 4:29 PM 233136] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 66632] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 6:58 PM 308064] R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/27/2010 4:29 PM 88040] R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032] R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696] R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/27/2010 4:29 PM 70664] R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/27/2010 4:29 PM 58816] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/27/2010 4:29 PM 115216] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ .
************************************************************************** scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,[email protected]?? HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run NoActiveDesktopChanges = 3F 00 00 00 NoActiveDesktop = 63 NoSaveSettings = 63 ClassicShell = 63
scanning hidden files ...
scan completed successfully hidden files:
************************************************************************** . --------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1480) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(340) c:\windows\system32\WININET.dll c:\program files\Common Files\AOL\ACS\WLHook.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe c:\program files\AVG\AVG9\avgnsx.exe c:\windows\system32\nvsvc32.exe c:\program files\PC Tools Firewall Plus\FWService.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\system32\wdfmgr.exe c:\windows\wanmpsvc.exe c:\windows\system32\wscntfy.exe c:\program files\Microsoft ActiveSync\wcescomm.exe c:\windows\system32\dlcicoms.exe c:\progra~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Completion time: 2010-04-24 22:03:11 - machine was rebooted ComboFix-quarantined-files.txt 2010-04-25 02:03 ComboFix2.txt 2010-04-23 20:20 ComboFix3.txt 2010-04-17 21:29 ComboFix4.txt 2010-04-11 19:19
Pre-Run: 121,364,553,728 bytes free Post-Run: 121,385,558,016 bytes free
- - End Of File - - 431618CA79C8B3B0C594C070898155DB

That log looks clean. How's your computer working now?

No error messages for about 8 days, speed is slightly better...more importantly I am much more aware of practices, firewall usage and tools available to repair things (i.e. registry changes).
Thanks for your patience over these few weeks and your follow up!
Sláinte!
That sounds good. If there are no other issues, it's time for some clean-up. You can uninstall HJT and delete TDSSKiller. You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis. There is also a very effective tool installed on your computer called MRT, installed by Microsoft. You can access it by going to Start, Run and type in MRT.exe. It doesn't produce a log so that's why we don't use it on this forum but I use it all the time on my computers.

===============================
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
  * Delete the following:
    * ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

================================

Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update ANYTHING listed.

----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!