
Author Topic: desperately seeking assistance to remove trojan virus


padraig

    Topic Starter


    Beginner

  • a coward dies a million times, free men die once
    • Experience: Beginner
    • OS: Windows XP
    Re: desperately seeking assistance to remove trojan virus
    « Reply #45 on: April 24, 2010, 08:02:51 PM »
    ComboFix 10-04-17.07 - Patrick 04/24/2010  21:38:20.6.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.598 [GMT -4:00]
    Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Patrick\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

    FILE ::
    "c:\documents and settings\Patrick\udpcrawl.tmp"
    "c:\windows\system32\corpol.dll"
    .

    (((((((((((((((((((((((((   Files Created from 2010-03-25 to 2010-04-25  )))))))))))))))))))))))))))))))
    .

    2010-04-22 12:39 . 2010-04-22 12:39   242696   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-04-22 12:38 . 2010-04-22 12:38   1689952   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-11 23:14 . 2010-04-11 23:14   --------   d-----w-   c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com
    2010-04-11 23:13 . 2010-04-11 23:13   --------   d-----w-   c:\program files\Collectorz.com
    2010-04-11 21:11 . 2010-04-11 21:12   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Disk Explorer Professional 3
    2010-04-11 20:46 . 2010-04-11 20:46   --------   d-----w-   c:\documents and settings\Patrick\.JavaHelp
    2010-04-11 20:39 . 2010-04-11 20:50   --------   d-----w-   c:\documents and settings\Patrick\.jajuk
    2010-04-11 20:37 . 2010-04-11 20:50   --------   d-----w-   c:\program files\Jajuk
    2010-04-11 20:08 . 2010-04-11 20:24   --------   d-----w-   c:\program files\Media Catalog Studio
    2010-04-11 19:59 . 2010-04-11 19:59   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Pmcc
    2010-04-11 11:47 . 2010-04-11 11:47   1956656   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2010-04-11 11:47 . 2010-04-11 13:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
    2010-04-09 20:47 . 2010-04-09 20:47   4255072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-04-06 15:33 . 2010-04-06 15:33   4076824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-04-06 15:33 . 2010-04-06 15:33   2059544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-04-06 15:33 . 2010-04-06 15:33   1598744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-04-06 15:33 . 2010-04-06 15:33   1274136   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-04-06 15:33 . 2010-04-06 15:33   598296   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2010-04-06 15:33 . 2010-04-06 15:33   556824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2010-04-06 15:33 . 2010-04-06 15:33   459544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
    2010-04-06 15:33 . 2010-04-06 15:33   341272   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
    2010-04-06 15:33 . 2010-04-06 15:33   313112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
    2010-04-06 15:33 . 2010-04-06 15:33   301336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
    2010-04-06 15:33 . 2010-04-06 15:33   1515224   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
    2010-04-06 15:33 . 2010-04-06 15:33   1086744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
    2010-04-06 15:32 . 2010-04-06 15:32   813336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-04-06 15:32 . 2010-04-06 15:32   624920   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-04-06 15:32 . 2010-04-06 15:32   1038688   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-04-04 20:54 . 2010-04-04 20:54   --------   d-----w-   C:\desktopclean
    2010-04-04 17:05 . 2010-04-04 17:05   --------   d-----w-   c:\documents and settings\Anna\Application Data\PCToolsFirewallPlus
    2010-04-03 23:12 . 2010-04-03 23:12   --------   d-----w-   C:\$AVG
    2010-04-03 22:59 . 2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
    2010-04-03 22:59 . 2010-04-22 12:39   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
    2010-04-03 22:59 . 2010-04-03 22:59   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
    2010-04-03 22:59 . 2010-04-03 22:59   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
    2010-04-03 22:59 . 2010-04-24 22:26   --------   d-----w-   c:\windows\system32\drivers\Avg
    2010-04-03 22:57 . 2010-04-03 22:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
    2010-04-03 22:27 . 2010-04-03 22:40   52224   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-03 22:26 . 2010-04-03 22:43   117760   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-03 22:24 . 2010-04-03 22:24   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
    2010-03-27 22:54 . 2010-03-27 22:55   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-03-27 22:53 . 2010-03-27 22:55   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-03-27 20:31 . 2010-03-27 20:31   --------   d-----w-   c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
    2010-03-27 20:29 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
    2010-03-27 20:29 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
    2010-03-27 20:29 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
    2010-03-27 20:29 . 2010-03-27 20:29   --------   d-----w-   c:\program files\Common Files\PC Tools
    2010-03-27 20:29 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2010-03-27 20:29 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
    2010-03-27 20:29 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
    2010-03-27 20:29 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
    2010-03-27 20:29 . 2010-03-27 20:32   --------   d-----w-   c:\program files\PC Tools Firewall Plus
    2010-03-27 03:14 . 2010-03-27 19:28   --------   d-----w-   c:\program files\a-squared Free
    2010-03-26 19:54 . 2010-03-26 19:55   --------   d-----w-   c:\program files\DVD Shrink

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-25 02:01 . 2006-12-20 16:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
    2010-04-18 12:57 . 2008-10-18 19:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-04-09 20:44 . 2008-11-27 19:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2010-04-04 17:56 . 2007-07-20 22:26   --------   d-----w-   c:\documents and settings\Patrick\Application Data\LimeWire
    2010-04-03 22:39 . 2006-12-20 16:24   --------   d-----w-   c:\program files\Common Files\Symantec Shared
    2010-04-03 22:25 . 2008-11-27 19:41   --------   d-----w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com
    2010-03-27 22:57 . 2010-03-27 20:29   120   ----a-w-   c:\documents and settings\Administrator\udpcrawl.tmp
    2010-03-27 20:37 . 2009-10-23 13:57   --------   d-----w-   c:\program files\Panda Security
    2010-03-27 18:12 . 2006-12-20 16:26   --------   d-----w-   c:\program files\Trend Micro
    2010-03-26 21:05 . 2006-12-29 20:10   --------   d-----w-   c:\program files\Civil Series 2004
    2010-03-21 14:45 . 2006-12-20 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
    2010-03-21 00:00 . 2008-08-09 11:39   --------   d-----w-   c:\program files\Security Task Manager
    2010-03-20 20:33 . 2010-03-20 20:33   --------   d-----w-   c:\program files\AVG
    2010-03-20 13:53 . 2009-01-19 20:09   --------   d-----w-   c:\program files\Postal2STP
    2010-03-19 20:42 . 2010-01-17 18:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
    2010-03-19 18:29 . 2010-03-19 18:29   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Uniblue
    2010-03-19 14:14 . 2010-01-10 00:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-18 02:50 . 2010-03-18 02:50   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Intermedia Software
    2010-03-18 01:18 . 2010-03-18 01:18   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Digital Media Solutions
    2010-03-14 04:01 . 2010-01-20 04:43   42   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedinstructor.dat
    2010-03-14 03:17 . 2010-03-14 03:17   38   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedfolder.dat
    2010-03-13 19:24 . 2010-03-13 19:24   54   ----a-w-   c:\documents and settings\Patrick\Application Data\MTC-savedfolder.dat
    2010-03-11 12:38 . 2004-08-11 23:00   832512   ------w-   c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-11 23:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-11 23:00   17408   ------w-   c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-08-11 23:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
    2010-02-24 13:11 . 2004-08-11 23:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
    2010-02-23 16:51 . 2010-02-02 04:38   3247296   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-02-16 14:08 . 2004-08-11 23:00   2146304   ------w-   c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-04 04:59   2024448   ------w-   c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-11 23:00   100864   ----a-w-   c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-11 23:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
    2010-01-22 22:12 . 2006-12-24 19:58   88   --sh--r-   c:\windows\system32\A97C080420.sys
    2010-01-22 22:12 . 2006-12-24 19:58   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
    1997-06-23 17:06 . 1997-06-23 17:06   287504   --sha-w-   c:\windows\system32\Msxbse35.dll
    .

    (((((((((((((((((((((((((((((   SnapShot@2010-04-11_19.18.27   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-04-25 01:43 . 2010-04-25 01:43   16384              c:\windows\temp\Perflib_Perfdata_204.dat
    + 2010-04-25 01:43 . 2010-04-25 01:43   16384              c:\windows\temp\Perflib_Perfdata_198.dat
    + 2010-01-13 14:01 . 2010-01-13 14:01   86016              c:\windows\system32\dllcache\cabview.dll
    + 2004-08-11 23:00 . 2010-01-13 14:01   86016              c:\windows\system32\cabview.dll
    + 2010-04-11 23:21 . 2010-04-11 23:21   21504              c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\d5f6c4ddc906680d085f6e6a76246b19\TVM.ni.dll
    + 2010-04-11 23:21 . 2010-04-11 23:21   68608              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\4108fbcfcb9c25c35a98fa51aa4a45b4\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
    + 2004-08-11 23:00 . 2009-12-24 06:59   177664              c:\windows\system32\wintrust.dll
    + 2009-12-24 06:59 . 2009-12-24 06:59   177664              c:\windows\system32\dllcache\wintrust.dll
    + 2008-05-09 10:53 . 2010-03-09 11:09   430080              c:\windows\system32\dllcache\vbscript.dll
    - 2008-05-09 10:53 . 2008-05-09 10:53   430080              c:\windows\system32\dllcache\vbscript.dll
    + 2008-06-20 11:08 . 2010-02-11 12:02   226880              c:\windows\system32\dllcache\tcpip6.sys
    + 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\system32\dllcache\mrxsmb.sys
    + 2010-02-12 04:33 . 2010-02-12 04:33   100864              c:\windows\system32\dllcache\6to4svc.dll
    + 2010-03-18 01:18 . 2003-08-26 20:03   757760              c:\windows\system32\CDDBUI.dll
    + 2010-03-18 01:18 . 2003-08-26 20:01   630784              c:\windows\system32\CDDBControl.dll
    + 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2010-04-11 23:21 . 2010-04-11 23:21   656384              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\a1d5c654e44f6641673fc184784bd694\Intuit.Ctg.Wte.Service.Interface.ni.dll
    + 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2010-04-11 23:21 . 2010-04-11 23:21   4153344              c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\90187d61a7bc5ba56307c85d2d93c418\ttax.ni.dll
    + 2010-04-11 23:21 . 2010-04-11 23:21   1323520              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\99639ace6996426854e3ce6cd8b1ffcb\Intuit.Ctg.Map.ni.dll
    + 2007-12-25 12:23 . 2010-04-06 17:52   31971272              c:\windows\system32\MRT.exe
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2007-12-10 18:46   1510424   ----a-w-   c:\program files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-09 2010864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 430080]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "HostManager"="c:\program files\Common Files\AOL\1172251831\ee\AOLSoftware.exe" [2006-09-26 50736]
    "DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 98304]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "NoActiveDesktopChanges"="00000000" [X]
    "NoActiveDesktop"="0 (0x0)" [X]
    "NoSaveSettings"="0 (0x0)" [X]
    "ClassicShell"="0 (0x0)" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-04-03 22:43   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 6:59 PM 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 6:59 PM 242896]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/27/2010 4:29 PM 233136]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 66632]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 6:58 PM 308064]
    R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/27/2010 4:29 PM 88040]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
    R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
    R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/27/2010 4:29 PM 70664]
    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/27/2010 4:29 PM 58816]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/27/2010 4:29 PM 115216]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    .

    **************************************************************************
    scanning hidden processes ... 

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
      NoActiveDesktopChanges = 3F 00 00 00
      NoActiveDesktop = 63
      NoSaveSettings = 63
      ClassicShell = 63

    scanning hidden files ... 

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1480)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(340)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\AOL\ACS\WLHook.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\PC Tools Firewall Plus\FWService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\wanmpsvc.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\windows\system32\dlcicoms.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-24  22:03:11 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-04-25 02:03
    ComboFix2.txt  2010-04-23 20:20
    ComboFix3.txt  2010-04-17 21:29
    ComboFix4.txt  2010-04-11 19:19

    Pre-Run: 121,364,553,728 bytes free
    Post-Run: 121,385,558,016 bytes free

    - - End Of File - - 431618CA79C8B3B0C594C070898155DB

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: desperately seeking assistance to remove trojan virus
    « Reply #46 on: April 25, 2010, 05:36:25 PM »
    That log looks clean. How's your computer working now?
    Windows 8 and Windows 10 dual boot with two SSD's

    padraig

      Re: desperately seeking assistance to remove trojan virus
      « Reply #47 on: April 25, 2010, 06:34:55 PM »
      No error messages for about 8 days, speed is slightly better...more importantly I am much more aware of practices, firewall usage and tools available to repair things (i.e. registry changes).

      Thanks for your patience over these few weeks and your follow up!

      Sláinte!

       :D

      SuperDave

      Re: desperately seeking assistance to remove trojan virus
      « Reply #48 on: April 26, 2010, 11:56:06 AM »
      That sounds good. If there are no other issues, it's time for some clean-up. You can uninstall HJT and delete TDSSKiller. You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis. There is also a very effective tool installed on your computer called MRT, installed by Microsoft. You can access it by going to Start, Run and typing in MRT.exe. It doesn't produce a log, so that's why we don't use it on this forum, but I use it all the time on my computers.
      ===============================

      * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
      * Now type Combofix /uninstall in the Run box
      * Make sure there's a space between Combofix and /Uninstall
      * Then hit Enter

      The above procedure will:
      * Delete the following: ComboFix and its associated files and folders.
      * Reset the clock settings.
      * Hide file extensions, if required.
      * Hide System/Hidden files, if required.
      * Set a new, clean Restore Point.
      ================================
      Use the Secunia Software Inspector to check for out of date software.

      • Click Start Now
      • Check the box next to Enable thorough system inspection.
      • Click Start
      • Allow the scan to finish and scroll down to see if any updates are needed.
      • Update anything listed.
      ----------

      Go to Microsoft Windows Update and get all critical updates.

      ----------

      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

      SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
      * Using SpywareBlaster to protect your computer from Spyware and Malware
      * If you don't know what ActiveX controls are, see here

      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

      Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
      Safe Surfing!

      Windows 8 and Windows 10 dual boot with two SSD's