Computer Hope

Software => Computer viruses and spyware => Topic started by: padraig on March 27, 2010, 02:11:05 PM

Title: desperately seeking assistance to remove trojan virus
Post by: padraig on March 27, 2010, 02:11:05 PM
Last week I received a notice from Malwarebytes' Anti-Malware software that my system (Windows XP) was infected with a trojan virus. I have run removal no less than 10 times and now it replicates and kills my programs. It has since redirected my IE7 to antivirus software pages.

I cannot rid my computer of this and am in serious need of some very basic support. I'm not stupid, but I sure could use some step by step assistance if anyone has that type of patience.
Title: Re: desperately seeking assistance to remove trojan virus
Post by: Allan on March 27, 2010, 02:12:36 PM
http://www.computerhope.com/forum/index.php/topic,46313.0.html
Title: Re: desperately seeking assistance to remove trojan virus
Post by: KornmonGrim on March 27, 2010, 03:00:37 PM
Ok, I know a way. Does it tell you the process name? The name of it?
If you know this info, please reply, and if you wish for me to help, please PM me or reply "Help" as in as connect and look for it manually and remove it manually.
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on March 27, 2010, 05:03:37 PM
Okay,

I have gotten through about 20% of the help forum and have had to switch between my regular log in and running in safe mode because the links on the instructions page will not work. My IE7 browser continues to either get redirected or will not load the webpage.

I completed a scan using SAS but when I pushed the "finish" button it shut down power to my entire PC.

I am sorry but can anyone help?
Title: Re: desperately seeking assistance to remove trojan virus
Post by: SuperDave on March 27, 2010, 07:57:20 PM
Go to this link to create a Rescue CD (http://evilfantasy.wordpress.com/2009/05/06/rescue-cds/) or to this site to create a Rescue USB (http://evilfantasy.wordpress.com/bitdefender-rescue-usb/). Carefully follow all the instructions for whichever method you choose. You will need to do this on a clean computer.
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on March 28, 2010, 01:08:38 PM
I had to use a PC at the public library to burn a recovery CD. An hour later I followed the instructions provided on the link, but the CD does not boot my PC. I attempted a safe boot, but again it will not read the CD drive. I am using my CrackBerry to send this as the library is closed.
It must be Murphy's Law at work here, as I am out of town this coming week and cannot test any other solutions after tonight.
Thanks!
Title: Re: desperately seeking assistance to remove trojan virus
Post by: SuperDave on March 28, 2010, 07:28:37 PM
You will probably have to change your BIOS to boot from the CD. Please contact us when you return.
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 03, 2010, 02:19:28 PM
I have tried several times to connect, but whatever has taken over blocks all attempts to load this web page. Blackberry is my only communication on this forum. All attempts to boot from downloaded USB or CD are ignored. Should I reformat?
Title: Re: desperately seeking assistance to remove trojan virus
Post by: SuperDave on April 03, 2010, 04:05:47 PM
Did you go into your BIOS and change the boot sequence to show your disk drive to boot first?
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 03, 2010, 04:20:52 PM
I tried but found nothing to show me how to do this.
Title: Re: desperately seeking assistance to remove trojan virus
Post by: SuperDave on April 03, 2010, 06:13:01 PM
Go here. (http://www.computerhope.com/issues/ch000192.htm) You will need to change the boot sequence. Set it so your computer boots from the disk drive (CD-ROM). If you have more than one disk drive (CD-ROM), select the one where you will place your disk.
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 04, 2010, 06:12:49 PM
Well, after many steps I have eliminated the trojan that first attacked my internet connection, then infected my anti-virus software... ironic, huh?

Thanks, Super Dave, for your patience and guidance. I am contemplating an external hard drive purchase to image my C: just in case.

Cheers,
Padraig
Title: Re: desperately seeking assistance to remove trojan virus
Post by: SuperDave on April 05, 2010, 12:50:29 PM
Why not go to this link (http://www.computerhope.com/forum/index.php/topic,46313.0.html) and follow the directions and post the required logs. That way you will be sure your computer is clean.
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 09, 2010, 03:27:47 PM
Thanks, Super Dave. I guess that would help others too. I work out of town, so weekends are the only time that I have access to this PC. Here are the logs for SAS before and then after, along with the logs for AVG before and after.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/03/2010 at 06:37 PM

Application Version : 4.22.1014

Core Rules Database Version : 4766
Trace Rules Database Version: 2578

Scan type       : Quick Scan
Total Scan Time : 00:06:21

Memory items scanned      : 440
Memory threats detected   : 3
Registry items scanned    : 489
Registry threats detected : 58
File items scanned        : 6752
File threats detected     : 10

Trojan.Dropper/Sys-NV
   C:\WINDOWS\SYSTEM32\DSWAVE32.DLL
   C:\WINDOWS\SYSTEM32\DSWAVE32.DLL
   Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\441d49b854

Trojan.Agent/Gen
   C:\WINDOWS\SYSTEM32\12A.TMP
   C:\WINDOWS\SYSTEM32\12A.TMP
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig15
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig4
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig5
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig20
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig25
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str14
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig10
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str6
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str7
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str8
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str9
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str10
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str13
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str1
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str2
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str5
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig7
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig8
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig6
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str16
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str17
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str19
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig18
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig17
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str22
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str23
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str25
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#str26
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig24
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\SOFTWARE\XML#dig23

Trojan.Agent/Gen-NumTemp
   C:\WINDOWS\SYSTEM32\11.TMP
   C:\WINDOWS\SYSTEM32\11.TMP

Adware.Vundo/Variant-X32[Header]
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{015FAB16-B268-4248-9549-7469CB348D20}
   HKCR\CLSID\{015FAB16-B268-4248-9549-7469CB348D20}
   HKCR\CLSID\{015FAB16-B268-4248-9549-7469CB348D20}\InprocServer32
   HKCR\CLSID\{015FAB16-B268-4248-9549-7469CB348D20}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\D3DRM32.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{021548D5-E78F-41F4-9513-C06289008553}
   HKCR\CLSID\{021548D5-E78F-41F4-9513-C06289008553}
   HKCR\CLSID\{021548D5-E78F-41F4-9513-C06289008553}\InprocServer32
   HKCR\CLSID\{021548D5-E78F-41F4-9513-C06289008553}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\DINPUT3232.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02BF562D-B268-4248-9549-7469CB348D20}
   HKCR\CLSID\{02BF562D-B268-4248-9549-7469CB348D20}
   HKCR\CLSID\{02BF562D-B268-4248-9549-7469CB348D20}\InprocServer32
   HKCR\CLSID\{02BF562D-B268-4248-9549-7469CB348D20}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\FONTEXT32.DLL
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{042A91AA-E78F-41F4-9513-C06289008553}
   HKCR\CLSID\{042A91AA-E78F-41F4-9513-C06289008553}
   HKCR\CLSID\{042A91AA-E78F-41F4-9513-C06289008553}\InprocServer32
   HKCR\CLSID\{042A91AA-E78F-41F4-9513-C06289008553}\InprocServer32#ThreadingModel
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{057EAC5B-B268-4248-9549-7469CB348D20}
   HKCR\CLSID\{057EAC5B-B268-4248-9549-7469CB348D20}
   HKCR\CLSID\{057EAC5B-B268-4248-9549-7469CB348D20}\InprocServer32
   HKCR\CLSID\{057EAC5B-B268-4248-9549-7469CB348D20}\InprocServer32#ThreadingModel
   C:\WINDOWS\SYSTEM32\EAPPPRXY32.DLL
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{015FAB16-B268-4248-9549-7469CB348D20}
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{021548D5-E78F-41F4-9513-C06289008553}
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02BF562D-B268-4248-9549-7469CB348D20}
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042A91AA-E78F-41F4-9513-C06289008553}
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{057EAC5B-B268-4248-9549-7469CB348D20}

Adware.Tracking Cookie
   C:\Documents and Settings\Patrick\Cookies\patrick@atdmt[2].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@interclick[2].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@doubleclick[2].txt

Trojan.Unclassified/Cognac
   HKU\S-1-5-21-2796421550-788906634-1267632633-1006\Software\Cognac
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 09, 2010, 03:28:27 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/03/2010 at 06:47 PM

Application Version : 4.35.1000

Core Rules Database Version : 4766
Trace Rules Database Version: 2578

Scan type       : Quick Scan
Total Scan Time : 00:02:15

Memory items scanned      : 498
Memory threats detected   : 0
Registry items scanned    : 497
Registry threats detected : 0
File items scanned        : 502
File threats detected     : 31

Trojan.Agent/Gen-FakeAV[LSASS]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SYSTEMPROC\LSASS.EXE
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\1.TMP

Adware.Tracking Cookie
   C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@admarketplace[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@theclickcheck[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@smartadserver[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@pro-market[1].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@kontera[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@linksynergy[2].txt
   C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
   C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 09, 2010, 03:29:05 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/03/2010 at 08:25 PM

Application Version : 4.35.1000

Core Rules Database Version : 4766
Trace Rules Database Version: 2578

Scan type       : Complete Scan
Total Scan Time : 00:37:11

Memory items scanned      : 496
Memory threats detected   : 0
Registry items scanned    : 7491
Registry threats detected : 0
File items scanned        : 26132
File threats detected     : 34

Adware.Tracking Cookie
   C:\Documents and Settings\Patrick\Cookies\patrick@revsci[1].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@doubleclick[1].txt

Trojan.Agent/Gen-FakeAV[LSASS]
   C:\DOCUMENTS AND SETTINGS\PATRICK\APPLICATION DATA\SYSTEMPROC\LSASS.EXE
   C:\DOCUMENTS AND SETTINGS\PATRICK\LOCAL SETTINGS\TEMP\8.TMP
   C:\DOCUMENTS AND SETTINGS\PATRICK\LOCAL SETTINGS\TEMP\31.TMP
   C:\DOCUMENTS AND SETTINGS\PATRICK\LOCAL SETTINGS\TEMP\36.TMP

Trojan.Agent/Gen-NumTemp
   C:\WINDOWS\SYSTEM32\1.TMP

Adware.Vundo/Variant-X32[Header]
   C:\WINDOWS\SYSTEM32\D3DX9_2532.DLL
   C:\WINDOWS\SYSTEM32\DBMSLPCN32.DLL
   C:\WINDOWS\SYSTEM32\DEVMGR32.DLL
   C:\WINDOWS\SYSTEM32\DLCIHBN332.DLL
   C:\WINDOWS\SYSTEM32\DLCIPMUI32.DLL
   C:\WINDOWS\SYSTEM32\DMCONFIG32.DLL
   C:\WINDOWS\SYSTEM32\DMDSKRES32.DLL
   C:\WINDOWS\SYSTEM32\DMINTF32.DLL
   C:\WINDOWS\SYSTEM32\DMSCRIPT32.DLL
   C:\WINDOWS\SYSTEM32\DNSAPI32.DLL
   C:\WINDOWS\SYSTEM32\DOT3MSM3232.DLL
   C:\WINDOWS\SYSTEM32\DRPROV32.DLL
   C:\WINDOWS\SYSTEM32\DSDMOPRP32.DLL
   C:\WINDOWS\SYSTEM32\DSKQUOUI32.DLL
   C:\WINDOWS\SYSTEM32\DSSEC32.DLL
   C:\WINDOWS\SYSTEM32\FM20ENU32.DLL
   C:\WINDOWS\SYSTEM32\FM20ENU3232.DLL
   C:\WINDOWS\SYSTEM32\FXSCOM32.DLL
   C:\WINDOWS\SYSTEM32\FXSUI32.DLL

Trojan.Dropper/Sys-NV
   C:\WINDOWS\SYSTEM32\DGNET32.DLL
   C:\WINDOWS\SYSTEM32\DINPUT32.DLL
   C:\WINDOWS\SYSTEM32\DPLAY32.DLL
   C:\WINDOWS\SYSTEM32\DSOUND3D32.DLL

Trojan.Dropper/Win-NV
   C:\WINDOWS\SYSTEM32\DPNMODEM32.DLL
   C:\WINDOWS\SYSTEM32\DS32GT32.DLL
   C:\WINDOWS\SYSTEM32\EAPQEC32.DLL
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 09, 2010, 03:29:25 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/04/2010 at 09:08 AM

Application Version : 4.35.1000

Core Rules Database Version : 4766
Trace Rules Database Version: 2578

Scan type       : Complete Scan
Total Scan Time : 01:01:12

Memory items scanned      : 482
Memory threats detected   : 0
Registry items scanned    : 7491
Registry threats detected : 0
File items scanned        : 53085
File threats detected     : 1

Trojan.Dropper/SVCHost-Fake
   H:\RECYCLED\DH63\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\SVCHOST.EXE
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 09, 2010, 03:29:47 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/04/2010 at 12:38 PM

Application Version : 4.35.1000

Core Rules Database Version : 4766
Trace Rules Database Version: 2578

Scan type       : Complete Scan
Total Scan Time : 00:58:15

Memory items scanned      : 489
Memory threats detected   : 0
Registry items scanned    : 7491
Registry threats detected : 0
File items scanned        : 53347
File threats detected     : 23

Adware.Tracking Cookie
   C:\Documents and Settings\Patrick\Cookies\patrick@tacoda[1].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@atdmt[1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@casalemedia[2].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@eyewonder[1].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@pointroll[1].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@fastclick[1].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@specificmedia[1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@questionmarket[2].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@apmebf[2].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@yieldmanager[1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@advertising[1].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@interclick[1].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@mediaplex[2].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@doubleclick[1].txt
   C:\Documents and Settings\Patrick\Cookies\[email protected][2].txt
   C:\Documents and Settings\Patrick\Cookies\patrick@specificclick[2].txt
Title: Re: desperately seeking assistance to remove trojan virus
Post by: SuperDave on April 09, 2010, 04:38:19 PM
Please download HijackThis (http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to your Desktop.
========================
Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your anti-virus and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Vista users: right-click combofix.exe, select Run as Administrator and follow the prompts. (You will receive a UAC prompt; please allow it.)

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).
Title: Re: desperately seeking assistance to remove trojan virus
Post by: SevendWorm on April 11, 2010, 06:15:49 AM
Check this out: Link Removed.
I had the worst nightmare of my computer when it was hit by a trojan virus.
This website was recommended by a friend of mine who also experienced the best support we ever had.
Hope this will help you.
Title: Re: desperately seeking assistance to remove trojan virus
Post by: padraig on April 11, 2010, 12:58:04 PM
Here are the contents of the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:05 PM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (filesize 1602912 bytes, MD5 62AF967D28EE464C8919CD87C6E6FF86)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (filesize 98304 bytes, MD5 28E1B808DD272CBD8F5667959DEB61C1)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 DEE8F03D1EACE0C8F914A2C76568EA32)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (filesize 1510424 bytes, MD5 ADE6F3EFAA68CAF59EEE9C17D35D4927)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (filesize 1510424 bytes, MD5 ADE6F3EFAA68CAF59EEE9C17D35D4927)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (filesize 33280 bytes, MD5 037B1E7798960E0420003D05BB577EE6)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe" (filesize 430080 bytes, MD5 5BCA13F425E6236E01A09D3CC2E5D81C)
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cxywaaba] C:\Documents and Settings\Patrick\Local Settings\Application Data\eukfie\xdkysftav.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (filesize 98304 bytes, MD5 C341CCFBE98BC7DF6E0B856BB9FC265A)
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s (filesize 3168216 bytes, MD5 B4C1C657FCCCAF24EBF028CE68E6D086)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (filesize 1289000 bytes, MD5 5515EB5E3A8B073F66CFC697EB0D4B55)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\DOCUME~1\Patrick\LOCALS~1\Temp\13.tmp
O4 - HKUS\S-1-5-21-2796421550-788906634-1267632633-1007\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Anna')
O4 - HKUS\S-1-5-21-2796421550-788906634-1267632633-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Anna')
O4 - HKUS\S-1-5-21-2796421550-788906634-1267632633-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Anna')
O4 - HKUS\S-1-5-21-2796421550-788906634-1267632633-1007\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Anna')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (filesize 29696 bytes, MD5 DFCB9ADE94A4F8A7C42EEF41101A30AD)
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL (filesize 40424 bytes, MD5 7FC19DA1DC70C78D2FBD7A1D10942051)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269719756937
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (filesize 91416 bytes, MD5 B661E7895B0672BC46D5DF7E1266DD94)
O20 - AppInit_DLLs: C:\WINDOWS\System32\dswave32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: dlci_device -   - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11675 bytes
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 11, 2010, 01:14:54 PM
Here are the contents of the ComboFix log:

ComboFix 10-04-10.02 - Patrick 04/11/2010  15:14:45.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.487 [GMT -4:00]
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\02000000c2964de7854C.manifest
c:\documents and settings\Administrator\Application Data\02000000c2964de7854O.manifest
c:\documents and settings\Administrator\Application Data\02000000c2964de7854P.manifest
c:\documents and settings\Administrator\Application Data\02000000c2964de7854S.manifest
c:\documents and settings\Administrator\Application Data\SystemProc
c:\documents and settings\Patrick\Application Data\02000000c2964de7854C.manifest
c:\documents and settings\Patrick\Application Data\02000000c2964de7854O.manifest
c:\documents and settings\Patrick\Application Data\02000000c2964de7854P.manifest
c:\documents and settings\Patrick\Application Data\02000000c2964de7854S.manifest
c:\documents and settings\Patrick\Application Data\SystemProc
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\GnuHashes.ini
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\913552380
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u1578864321v0
c:\windows\system32\SysWoW32\@u1578864321v4
c:\windows\system32\SysWoW32\@u1578864321v5
c:\windows\system32\SysWoW32\@u1578864321v6
c:\windows\system32\SysWoW32\@u1578864321v7
c:\windows\system32\SysWoW32\_u1578864321v0
c:\windows\system32\SysWoW32\_u1578864321v4
c:\windows\system32\SysWoW32\_u1578864321v5
c:\windows\system32\SysWoW32\_u1578864321v6
c:\windows\system32\SysWoW32\_u1578864321v7
c:\windows\system32\SysWoW32\mu1578864321v4
c:\windows\system32\SysWoW32\mu1578864321v4.kwd
c:\windows\system32\SysWoW32\mu1578864321v5
c:\windows\system32\SysWoW32\mu1578864321v5.kwd
c:\windows\system32\SysWoW32\mu1578864321v6
c:\windows\system32\SysWoW32\mu1578864321v6.kwd
c:\windows\system32\SysWoW32\mu1578864321v7
c:\windows\system32\SysWoW32\mu1578864321v7.kwd
c:\windows\system32\SysWoW32\wu1578864321v0
c:\windows\system32\SysWoW32\wu1578864321v0.kwd
c:\windows\system32\SysWoW32\wu1578864321v1.kwd
c:\windows\system32\SysWoW32\wu1578864321v2.kwd
c:\windows\system32\SysWoW32\wu1578864321v3.kwd
c:\windows\system32\unrar.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
(((((((((((((((((((((((((   Files Created from 2010-03-11 to 2010-04-11  )))))))))))))))))))))))))))))))
.

2010-04-11 11:47 . 2010-04-11 11:47   1956656   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-11 11:47 . 2010-04-11 13:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2010-04-09 20:47 . 2010-04-09 20:47   4255072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-06 15:33 . 2010-04-06 15:33   4076824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-06 15:33 . 2010-04-06 15:33   2059544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-06 15:33 . 2010-04-06 15:33   1598744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-06 15:33 . 2010-04-06 15:33   1274136   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-06 15:33 . 2010-04-06 15:33   598296   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-06 15:33 . 2010-04-06 15:33   556824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-06 15:33 . 2010-04-06 15:33   459544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-06 15:33 . 2010-04-06 15:33   341272   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-06 15:33 . 2010-04-06 15:33   313112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-06 15:33 . 2010-04-06 15:33   301336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-06 15:33 . 2010-04-06 15:33   1515224   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-06 15:33 . 2010-04-06 15:33   1086744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-06 15:32 . 2010-04-06 15:32   813336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-06 15:32 . 2010-04-06 15:32   624920   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-06 15:32 . 2010-04-06 15:32   1689952   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-06 15:32 . 2010-04-06 15:32   1038688   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-04 20:54 . 2010-04-04 20:54   --------   d-----w-   C:\desktopclean
2010-04-04 17:05 . 2010-04-04 17:05   --------   d-----w-   c:\documents and settings\Anna\Application Data\PCToolsFirewallPlus
2010-04-03 23:12 . 2010-04-03 23:12   --------   d-----w-   C:\$AVG
2010-04-03 22:59 . 2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-04-03 22:59 . 2010-04-03 22:59   242696   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-04-03 22:59 . 2010-04-03 22:59   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-04-03 22:59 . 2010-04-03 22:59   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-04-03 22:59 . 2010-04-11 12:17   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-04-03 22:57 . 2010-04-03 22:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-04-03 22:27 . 2010-04-03 22:40   52224   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-03 22:26 . 2010-04-03 22:43   117760   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-03 22:24 . 2010-04-03 22:24   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-27 22:54 . 2010-03-27 22:55   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-27 22:53 . 2010-03-27 22:55   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-27 20:31 . 2010-03-27 20:31   --------   d-----w-   c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
2010-03-27 20:29 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-27 20:29 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-03-27 20:29 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-03-27 20:29 . 2010-03-27 20:29   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-03-27 20:29 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-27 20:29 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-03-27 20:29 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-27 20:29 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-03-27 20:29 . 2010-03-27 20:32   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-03-27 03:14 . 2010-03-27 19:28   --------   d-----w-   c:\program files\a-squared Free
2010-03-26 19:54 . 2010-03-26 19:55   --------   d-----w-   c:\program files\DVD Shrink
2010-03-21 17:35 . 2009-10-07 19:28   17544   ------w-   c:\windows\system32\drivers\RkPavproc1.sys
2010-03-20 21:42 . 2010-03-20 21:43   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-03-20 20:33 . 2010-03-20 20:33   --------   d-----w-   c:\program files\AVG
2010-03-20 17:44 . 2010-03-20 17:44   --------   d-----w-   C:\Garbage
2010-03-19 21:09 . 2004-01-22 21:06   157696   ----a-w-   c:\windows\system32\unrar.dll
2010-03-19 21:09 . 2003-11-18 04:37   72192   ----a-w-   c:\windows\system32\zlib.dll
2010-03-19 21:09 . 2002-03-07 02:19   454656   ----a-w-   c:\windows\system32\PaintX.dll
2010-03-19 21:09 . 2002-02-18 03:58   98304   ----a-w-   c:\windows\system32\unzip.dll
2010-03-19 21:09 . 2001-01-12 14:52   94208   ----a-w-   c:\windows\system32\vbpng.dll
2010-03-19 21:09 . 2000-10-02 01:00   119568   ----a-w-   c:\windows\system32\VB6FR.DLL
2010-03-19 20:44 . 2010-03-19 20:44   --------   d-----w-   C:\System Volume Data
2010-03-19 18:29 . 2010-03-19 18:29   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Uniblue
2010-03-18 02:50 . 2010-03-18 02:50   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Intermedia Software
2010-03-18 02:49 . 2003-04-18 19:29   44544   ----a-w-   c:\windows\system32\msxml4a.dll
2010-03-18 02:38 . 2010-03-18 02:42   --------   d-----w-   c:\documents and settings\Patrick\Local Settings\Application Data\MediaMonkey
2010-03-18 01:18 . 2005-02-22 14:37   589824   ----a-w-   c:\windows\system32\CDDBControl.dll
2010-03-18 01:18 . 2005-02-22 14:36   765952   ----a-w-   c:\windows\system32\CDDBUI.dll
2010-03-18 01:18 . 2010-03-18 01:18   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Digital Media Solutions
2010-03-14 04:16 . 2010-03-14 04:16   --------   d-----w-   c:\documents and settings\Anna\Local Settings\Application Data\Microsoft Help

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 17:31 . 2006-12-20 16:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-04-09 21:28 . 2008-10-18 19:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-09 20:44 . 2008-11-27 19:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-04-04 17:56 . 2007-07-20 22:26   --------   d-----w-   c:\documents and settings\Patrick\Application Data\LimeWire
2010-04-03 22:39 . 2006-12-20 16:24   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-04-03 22:25 . 2008-11-27 19:41   --------   d-----w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com
2010-03-27 22:57 . 2010-03-27 20:29   120   ----a-w-   c:\documents and settings\Administrator\udpcrawl.tmp
2010-03-27 20:43 . 2006-12-20 16:25   --------   d-----w-   c:\program files\WildTangent
2010-03-27 20:37 . 2009-10-23 13:57   --------   d-----w-   c:\program files\Panda Security
2010-03-27 18:12 . 2006-12-20 16:26   --------   d-----w-   c:\program files\Trend Micro
2010-03-27 16:33 . 2010-03-26 20:51   116   ----a-w-   c:\documents and settings\Patrick\udpcrawl.tmp
2010-03-26 21:05 . 2006-12-29 20:10   --------   d-----w-   c:\program files\Civil Series 2004
2010-03-21 14:45 . 2006-12-20 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2010-03-21 00:00 . 2010-01-17 17:18   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Azureus
2010-03-21 00:00 . 2008-08-09 11:39   --------   d-----w-   c:\program files\Security Task Manager
2010-03-20 13:53 . 2009-01-19 20:09   --------   d-----w-   c:\program files\Postal2STP
2010-03-19 20:42 . 2010-01-17 18:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2010-03-19 14:14 . 2010-01-10 00:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-14 04:01 . 2010-01-20 04:43   42   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedinstructor.dat
2010-03-14 03:17 . 2010-03-14 03:17   38   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedfolder.dat
2010-03-13 19:24 . 2010-03-13 19:24   54   ----a-w-   c:\documents and settings\Patrick\Application Data\MTC-savedfolder.dat
2010-03-11 12:38 . 2004-08-11 23:00   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 23:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 23:00   17408   ------w-   c:\windows\system32\corpol.dll
2010-02-23 16:51 . 2010-02-02 04:38   3247296   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-22 22:12 . 2006-12-24 19:58   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-01-22 22:12 . 2006-12-24 19:58   88   --sh--r-   c:\windows\system32\A97C080420.sys
2010-01-17 18:31 . 2006-12-20 16:35   110016   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
1997-06-23 17:06 . 1997-06-23 17:06   287504   --sha-w-   c:\windows\system32\Msxbse35.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 18:46   1510424   ----a-w-   c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-09 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 430080]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1172251831\ee\AOLSoftware.exe" [2006-09-26 50736]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-03 22:43   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 6:59 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 6:59 PM 242696]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/27/2010 4:29 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 6:58 PM 308064]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/27/2010 4:29 PM 88040]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/27/2010 4:29 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/27/2010 4:29 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/27/2010 4:29 PM 115216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-cxywaaba - c:\documents and settings\Patrick\Local Settings\Application Data\eukfie\xdkysftav.exe



**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  NoActiveDesktopChanges = 3F 00 00 00
  NoActiveDesktop = 63
  NoSaveSettings = 63
  ClassicShell = 63

scanning hidden files ... 

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1468)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-11  15:19:25
ComboFix-quarantined-files.txt  2010-04-11 19:19

Pre-Run: 131,150,360,576 bytes free
Post-Run: 131,454,996,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 470E1F0A995B00682EF1876E4A747AB8
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 11, 2010, 01:17:45 PM
Here are the contents of the post-ComboFix scan log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:22 PM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\CF20779.cfxxe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (filesize 1602912 bytes, MD5 62AF967D28EE464C8919CD87C6E6FF86)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (filesize 98304 bytes, MD5 28E1B808DD272CBD8F5667959DEB61C1)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 DEE8F03D1EACE0C8F914A2C76568EA32)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (filesize 1510424 bytes, MD5 ADE6F3EFAA68CAF59EEE9C17D35D4927)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (filesize 1510424 bytes, MD5 ADE6F3EFAA68CAF59EEE9C17D35D4927)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (filesize 33280 bytes, MD5 037B1E7798960E0420003D05BB577EE6)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe" (filesize 430080 bytes, MD5 5BCA13F425E6236E01A09D3CC2E5D81C)
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exeC:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (filesize 98304 bytes, MD5 C341CCFBE98BC7DF6E0B856BB9FC265A)
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s (filesize 3168216 bytes, MD5 B4C1C657FCCCAF24EBF028CE68E6D086)
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (filesize 1289000 bytes, MD5 5515EB5E3A8B073F66CFC697EB0D4B55)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (filesize 29696 bytes, MD5 DFCB9ADE94A4F8A7C42EEF41101A30AD)
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (filesize 158504 bytes, MD5 F24D3D66C7E3F29485B14BEED91BE9E8)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL (filesize 40424 bytes, MD5 7FC19DA1DC70C78D2FBD7A1D10942051)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269719756937
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (filesize 91416 bytes, MD5 B661E7895B0672BC46D5DF7E1266DD94)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLC:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllC:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: dlci_device -   - C:\WINDOWS\system32\dlcicoms.exeC:\WINDOWS\system32\dlcicoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exeC:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeC:\WINDOWS\wanmpsvc.exe

--
End of file - 10078 bytes
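Added example, not part of this thread and not HijackThis's own code: a small triage pass over HijackThis-format log lines that picks out the kinds of entries a helper usually asks to have fixed first, namely a ProxyServer pointing at the local host (the browser-redirect symptom from the first post), autostarts launched from a user profile's temp or local app-data folder, AppInit_DLLs injection, and orphaned entries. The sample lines and the rules are constructed assumptions modelled on the logs posted above.

```python
"""Triage HijackThis 2.0.2 log entries with a few defender-side heuristics.

Added example modelled on the logs in this thread; the rules and the sample
log are assumptions, not HijackThis's own logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis format: a mix of the kind of entries the
# helper flagged in this thread and a couple of benign ones.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [cxywaaba] C:\Documents and Settings\Patrick\Local Settings\Application Data\eukfie\xdkysftav.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\DOCUME~1\Patrick\LOCALS~1\Temp\13.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\dswave32.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why the rule fired
    line: str     # the raw log line


# "R1 - ...", "O4 - ...", "F2 - ..." entries; header and process list are skipped.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")

# Autostart target inside a profile's temp or local app-data folder,
# in either long or 8.3 (DOCUME~1 / LOCALS~1) path form.
PROFILE_TEMP_RE = re.compile(
    r"(?i)(?:local settings\\(?:temp|application data)|locals~1\\temp|\\temp\\)"
)
# Proxy setting that sends all browser traffic through a local listener.
LOCAL_PROXY_RE = re.compile(r"(?i)proxyserver\s*=.*\b(?:127\.0\.0\.1|localhost)\b")
# HijackThis marks entries whose target no longer exists.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def classify(section: str, body: str) -> Optional[str]:
    """Return a reason string if this entry deserves a helper's attention."""
    if section == "R1" and LOCAL_PROXY_RE.search(body):
        return "browser proxied through the local host (typical of redirect trojans)"
    if section == "O4" and PROFILE_TEMP_RE.search(body):
        return "autostart launches from a user temp / local app-data folder"
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        return "DLL loaded into every user-mode process via AppInit_DLLs"
    if MISSING_RE.search(body):
        return "orphaned entry, target file no longer exists"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every rule over each entry line and collect the hits in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reason = classify(m["sec"], m["body"])
        if reason:
            findings.append(Finding(m["sec"], reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```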
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 12, 2010, 04:39:26 PM
Ok. Thank you. I have a bit of work for you.

Download Disable/Remove Windows Messenger  (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

==============================
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [cxywaaba] C:\Documents and Settings\Patrick\Local Settings\Application Data\eukfie\xdkysftav.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\DOCUME~1\Patrick\LOCALS~1\Temp\13.tmp
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (filesize 29696 bytes, MD5 DFCB9ADE94A4F8A7C42EEF41101A30AD)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
================================
Please read here for more information about WildTangent. (http://it.toolbox.com/blogs/enterprise-solutions/question-of-the-week-is-wildtanget-actually-) Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or any program marked as WildTangent.

===============================
P2P - I see you have P2P software installed on your machine (LimeWire & Azureus (Vuze or BitTorrent)). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

=================================

Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs to be scanned they must be done separately and logs posted for each one)

* Copy the file path in the below Code box:

Code: [Select]
c:\windows\system32\A97C080420.sys
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

=====================================

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]
KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

File::
c:\documents and settings\Patrick\udpcrawl.tmp
c:\windows\system32\corpol.dll


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
====================================

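The fix list above is built from a handful of indicators that show up again and again in HijackThis logs: an R1 ProxyServer entry forcing Internet Explorer through a proxy on the loopback interface (here 127.0.0.1:5555, which is how a local interception proxy redirects every page request), O4 autostart entries launching from a user's Temp or Local Settings\Application Data folder or from a .tmp file, and entries whose target is reported "(file missing)" or "(no file)". The script below is an added example, not part of the original post and not part of HijackThis or ComboFix; it encodes those three rules as assumptions and runs them over the entries quoted in the fix list, plus the benign ISUSScheduler line, to show what gets flagged and what does not.

```python
"""Triage a HijackThis log for the indicators used in the fix list above.

Added example, not code from the thread or from HijackThis. The three
rules are assumptions drawn from the entries in this thread:
  * R1 ProxyServer pointing at the loopback interface (a local proxy that
    hijacks every IE request; 127.0.0.1:5555 in this log)
  * O4 Run / Policies\\Explorer\\Run entries launching from a user's
    Temp or Local Settings\\Application Data folder, or from a .tmp file
  * entries whose target is reported "(file missing)" or "(no file)"
"""
import re

# Sample input: the lines from the fix list in the post above, plus the
# legitimate ISUSScheduler entry so the rules can be checked for false
# positives.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [cxywaaba] C:\Documents and Settings\Patrick\Local Settings\Application Data\eukfie\xdkysftav.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\DOCUME~1\Patrick\LOCALS~1\Temp\13.tmp
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# ProxyServer = http=127.0.0.1:5555 (optional "scheme=" prefix, optional port)
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?", re.I)
# ...\LOCALS~1\Temp\..., ...\Local Settings\Application Data\..., or a .tmp target
USER_TEMP_PATH = re.compile(
    r"\\(?:LOCALS~1|Local Settings)\\(?:Temp|Application Data)\\|\.tmp\b", re.I)
MISSING_TARGET = re.compile(r"\((?:file missing|no file)\)", re.I)


def triage_line(line):
    """Return the reasons this HijackThis line deserves a fix, or [] if clean."""
    line = line.strip()
    if not line:
        return []
    section = line.split(" - ", 1)[0]   # "R1", "O2", "O4", ...
    reasons = []
    if section == "R1" and LOOPBACK_PROXY.search(line):
        reasons.append("IE proxy forced through loopback (local interception proxy)")
    if section == "O4" and USER_TEMP_PATH.search(line):
        reasons.append("autostart launches from user Temp/Local Settings or a .tmp file")
    if MISSING_TARGET.search(line):
        reasons.append("orphaned entry, target no longer on disk")
    return reasons


def triage_log(text):
    """Map each flagged log line to the list of reasons it was flagged."""
    findings = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry[:90])
        for reason in reasons:
            print("   ->", reason)
```

Five of the six sample entries come back flagged and the ISUSScheduler line does not. The same proxy check can be made on the live machine, without a log, with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer`; a value pointing at 127.0.0.1 on a PC that has never had a local proxy installed is the setting this fix list removes.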
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 17, 2010, 04:41:10 AM
I have gotten to this step, but the attached link to the WildTangent site does not work and it does not appear on my list of software programs.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 17, 2010, 04:42:27 AM
I have gotten to this step, but the attached link to the WildTangent site does not work and it does not appear on my list of software programs.

Once completed, exit HijackThis.
================================
Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

•WildTangent Web Driver or any program marked as WildTangent.

===============================
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 17, 2010, 07:50:44 AM
I have gotten to this step, but the attached link to the WildTangent site does not work and it does not appear on my list of software programs.

Once completed, exit HijackThis.
================================
Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

•WildTangent Web Driver or any program marked as WildTangent.

===============================

That's ok. I'll check out that link and we can get rid of WildTangent with ComboFix. Please continue.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 17, 2010, 12:26:29 PM
Here's the corrected link for WildTangent.

Please read here for more information about WildTangent (http://it.toolbox.com/blogs/enterprise-solutions/question-of-the-week-is-wildtanget-actually-spyware-6472). Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver

Title: Re: desparately seeking assistance to remove trojan virus
Post by: Valdr on April 17, 2010, 01:37:41 PM
I am really sorry to post in somebody else's topic, however I am having trouble with this website and virus trouble.
I wrote a post describing my virus trouble (which I have saved as a txt document). I clicked submit in order to create the new topic, however I get 'the connection to the server was reset while the page was loading'. I tried to post it again. This happens every time I try to create my own topic. I can however reply to other people's topics. Please help. Once again sorry for just posting in somebody else's topic, but I wasn't sure what else to do. Perhaps somebody could create one for me?
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 17, 2010, 03:01:38 PM
I decided to skip the step "delete WildTangent Web..." because it does not appear on my list of programs...neither does Azure. Thank you for the advice on LimeWire, I am considering its removal. Here is the link to the web-based scan of the system file:

http://virusscan.jotti.org/en/scanresult/86438881b71ec64f9c22cfb8777d9e9066d29311

I will continue with the remainder of the instructions.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 17, 2010, 03:32:16 PM
Okay, during the ComboFix routine it did not report that Stage_1 had completed and after about 15 minutes I received the BSOD.

I reran ComboFix and here is the log:

ComboFix 10-04-10.02 - Patrick 04/17/2010  17:22:23.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.496 [GMT -4:00]
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

(((((((((((((((((((((((((   Files Created from 2010-03-17 to 2010-04-17  )))))))))))))))))))))))))))))))
.

2010-04-11 23:14 . 2010-04-11 23:14   --------   d-----w-   c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com
2010-04-11 23:13 . 2010-04-11 23:13   --------   d-----w-   c:\program files\Collectorz.com
2010-04-11 21:11 . 2010-04-11 21:12   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Disk Explorer Professional 3
2010-04-11 20:46 . 2010-04-11 20:46   --------   d-----w-   c:\documents and settings\Patrick\.JavaHelp
2010-04-11 20:39 . 2010-04-11 20:50   --------   d-----w-   c:\documents and settings\Patrick\.jajuk
2010-04-11 20:37 . 2010-04-11 20:50   --------   d-----w-   c:\program files\Jajuk
2010-04-11 20:08 . 2010-04-11 20:24   --------   d-----w-   c:\program files\Media Catalog Studio
2010-04-11 19:59 . 2010-04-11 19:59   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Pmcc
2010-04-11 11:47 . 2010-04-11 11:47   1956656   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-11 11:47 . 2010-04-11 13:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2010-04-09 20:47 . 2010-04-09 20:47   4255072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-06 15:33 . 2010-04-06 15:33   4076824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-06 15:33 . 2010-04-06 15:33   2059544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-06 15:33 . 2010-04-06 15:33   1598744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-06 15:33 . 2010-04-06 15:33   1274136   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-06 15:33 . 2010-04-06 15:33   598296   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-06 15:33 . 2010-04-06 15:33   556824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-06 15:33 . 2010-04-06 15:33   459544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-06 15:33 . 2010-04-06 15:33   341272   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-06 15:33 . 2010-04-06 15:33   313112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-06 15:33 . 2010-04-06 15:33   301336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-06 15:33 . 2010-04-06 15:33   1515224   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-06 15:33 . 2010-04-06 15:33   1086744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-06 15:32 . 2010-04-06 15:32   813336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-06 15:32 . 2010-04-06 15:32   624920   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-06 15:32 . 2010-04-06 15:32   1689952   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-06 15:32 . 2010-04-06 15:32   1038688   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-04 20:54 . 2010-04-04 20:54   --------   d-----w-   C:\desktopclean
2010-04-04 17:05 . 2010-04-04 17:05   --------   d-----w-   c:\documents and settings\Anna\Application Data\PCToolsFirewallPlus
2010-04-03 23:12 . 2010-04-03 23:12   --------   d-----w-   C:\$AVG
2010-04-03 22:59 . 2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-04-03 22:59 . 2010-04-03 22:59   242696   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-04-03 22:59 . 2010-04-03 22:59   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-04-03 22:59 . 2010-04-03 22:59   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-04-03 22:59 . 2010-04-17 13:32   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-04-03 22:57 . 2010-04-03 22:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-04-03 22:27 . 2010-04-03 22:40   52224   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-03 22:26 . 2010-04-03 22:43   117760   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-03 22:24 . 2010-04-03 22:24   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-27 22:54 . 2010-03-27 22:55   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-27 22:53 . 2010-03-27 22:55   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-27 20:31 . 2010-03-27 20:31   --------   d-----w-   c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
2010-03-27 20:29 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-27 20:29 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-03-27 20:29 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-03-27 20:29 . 2010-03-27 20:29   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-03-27 20:29 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-27 20:29 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-03-27 20:29 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-27 20:29 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-03-27 20:29 . 2010-03-27 20:32   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-03-27 03:14 . 2010-03-27 19:28   --------   d-----w-   c:\program files\a-squared Free
2010-03-26 19:54 . 2010-03-26 19:55   --------   d-----w-   c:\program files\DVD Shrink
2010-03-21 17:35 . 2009-10-07 19:28   17544   ------w-   c:\windows\system32\drivers\RkPavproc1.sys
2010-03-20 21:42 . 2010-03-20 21:43   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-03-20 20:33 . 2010-03-20 20:33   --------   d-----w-   c:\program files\AVG
2010-03-20 17:44 . 2010-03-20 17:44   --------   d-----w-   C:\Garbage
2010-03-19 21:09 . 2004-01-22 21:06   157696   ----a-w-   c:\windows\system32\unrar.dll
2010-03-19 21:09 . 2003-11-18 04:37   72192   ----a-w-   c:\windows\system32\zlib.dll
2010-03-19 21:09 . 2002-03-07 02:19   454656   ----a-w-   c:\windows\system32\PaintX.dll
2010-03-19 21:09 . 2002-02-18 03:58   98304   ----a-w-   c:\windows\system32\unzip.dll
2010-03-19 21:09 . 2001-01-12 14:52   94208   ----a-w-   c:\windows\system32\vbpng.dll
2010-03-19 21:09 . 2000-10-02 01:00   119568   ----a-w-   c:\windows\system32\VB6FR.DLL
2010-03-19 20:44 . 2010-03-19 20:44   --------   d-----w-   C:\System Volume Data
2010-03-19 18:29 . 2010-03-19 18:29   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Uniblue

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 21:18 . 2006-12-20 16:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-04-12 17:20 . 2008-10-18 19:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-09 20:44 . 2008-11-27 19:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-04-04 17:56 . 2007-07-20 22:26   --------   d-----w-   c:\documents and settings\Patrick\Application Data\LimeWire
2010-04-03 22:39 . 2006-12-20 16:24   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-04-03 22:25 . 2008-11-27 19:41   --------   d-----w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com
2010-03-27 22:57 . 2010-03-27 20:29   120   ----a-w-   c:\documents and settings\Administrator\udpcrawl.tmp
2010-03-27 20:43 . 2006-12-20 16:25   --------   d-----w-   c:\program files\WildTangent
2010-03-27 20:37 . 2009-10-23 13:57   --------   d-----w-   c:\program files\Panda Security
2010-03-27 18:12 . 2006-12-20 16:26   --------   d-----w-   c:\program files\Trend Micro
2010-03-27 16:33 . 2010-03-26 20:51   116   ----a-w-   c:\documents and settings\Patrick\udpcrawl.tmp
2010-03-26 21:05 . 2006-12-29 20:10   --------   d-----w-   c:\program files\Civil Series 2004
2010-03-21 14:45 . 2006-12-20 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2010-03-21 00:00 . 2010-01-17 17:18   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Azureus
2010-03-21 00:00 . 2008-08-09 11:39   --------   d-----w-   c:\program files\Security Task Manager
2010-03-20 13:53 . 2009-01-19 20:09   --------   d-----w-   c:\program files\Postal2STP
2010-03-19 20:42 . 2010-01-17 18:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2010-03-19 14:14 . 2010-01-10 00:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 02:50 . 2010-03-18 02:50   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Intermedia Software
2010-03-18 01:18 . 2010-03-18 01:18   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Digital Media Solutions
2010-03-14 04:01 . 2010-01-20 04:43   42   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedinstructor.dat
2010-03-14 03:17 . 2010-03-14 03:17   38   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedfolder.dat
2010-03-13 19:24 . 2010-03-13 19:24   54   ----a-w-   c:\documents and settings\Patrick\Application Data\MTC-savedfolder.dat
2010-03-11 12:38 . 2004-08-11 23:00   832512   ------w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 23:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 23:00   17408   ------w-   c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-11 23:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-11 23:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 16:51 . 2010-02-02 04:38   3247296   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-16 14:08 . 2004-08-11 23:00   2146304   ------w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59   2024448   ------w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 23:00   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 23:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
2010-01-22 22:12 . 2006-12-24 19:58   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-01-22 22:12 . 2006-12-24 19:58   88   --sh--r-   c:\windows\system32\A97C080420.sys
1997-06-23 17:06 . 1997-06-23 17:06   287504   --sha-w-   c:\windows\system32\Msxbse35.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-04-11_19.18.27   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-17 21:21 . 2010-04-17 21:21   16384              c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2010-04-17 21:21 . 2010-04-17 21:21   16384              c:\windows\Temp\Perflib_Perfdata_53c.dat
+ 2010-01-13 14:01 . 2010-01-13 14:01   86016              c:\windows\system32\dllcache\cabview.dll
+ 2004-08-11 23:00 . 2010-01-13 14:01   86016              c:\windows\system32\cabview.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   21504              c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\d5f6c4ddc906680d085f6e6a76246b19\TVM.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   68608              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\4108fbcfcb9c25c35a98fa51aa4a45b4\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2004-08-11 23:00 . 2009-12-24 06:59   177664              c:\windows\system32\wintrust.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59   177664              c:\windows\system32\dllcache\wintrust.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09   430080              c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53   430080              c:\windows\system32\dllcache\vbscript.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02   226880              c:\windows\system32\dllcache\tcpip6.sys
+ 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-02-12 04:33 . 2010-02-12 04:33   100864              c:\windows\system32\dllcache\6to4svc.dll
+ 2010-03-18 01:18 . 2003-08-26 20:03   757760              c:\windows\system32\CDDBUI.dll
+ 2010-03-18 01:18 . 2003-08-26 20:01   630784              c:\windows\system32\CDDBControl.dll
+ 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-11 23:21 . 2010-04-11 23:21   656384              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\a1d5c654e44f6641673fc184784bd694\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-11 23:21 . 2010-04-11 23:21   4153344              c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\90187d61a7bc5ba56307c85d2d93c418\ttax.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   1323520              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\99639ace6996426854e3ce6cd8b1ffcb\Intuit.Ctg.Map.ni.dll
+ 2007-12-25 12:23 . 2010-04-06 17:52   31971272              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 18:46   1510424   ----a-w-   c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-09 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 430080]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1172251831\ee\AOLSoftware.exe" [2006-09-26 50736]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-03 22:43   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 6:59 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 6:59 PM 242696]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/27/2010 4:29 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 6:58 PM 308064]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/27/2010 4:29 PM 88040]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/27/2010 4:29 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/27/2010 4:29 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/27/2010 4:29 PM 115216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 17:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  NoActiveDesktopChanges = 3F 00 00 00
  NoActiveDesktop = 63
  NoSaveSettings = 63
  ClassicShell = 63

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1468)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-17  17:29:04
ComboFix-quarantined-files.txt  2010-04-17 21:29
ComboFix2.txt  2010-04-11 19:19

Pre-Run: 126,332,821,504 bytes free
Post-Run: 126,411,661,312 bytes free

- - End Of File - - 201A4047E48A70996ADB9D5F89914E5C
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 17, 2010, 04:33:11 PM
Ok. Please try to run this script.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]
KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

File::
c:\documents and settings\Patrick\udpcrawl.tmp
c:\windows\system32\corpol.dll

Folder::
c:\program files\WildTangent
c:\documents and settings\Patrick\Application Data\Azureus


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 17, 2010, 06:24:35 PM
I followed these instructions exactly as described...the result is BSOD.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 17, 2010, 07:58:06 PM
Ok. Are you getting an error code from the BSOD? Delete your copy of ComboFix and try this.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Now try running the ComboFix script in Reply #31. If you still get the BSOD, we'll try something else.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 18, 2010, 06:35:05 AM
I deleted ComboFix.exe from my desktop, used link #1 (link #2 is in Mexican) to reinstall ComboFix on my desktop. Turned off AVG, created a notepad.txt file from the script posted in reply #31 and dragged the CFScript.txt file into the executable ComboFix file. Here's the damage:

ComboFix notified me that it was disabling a drive emulator

ComboFix got to "Completed_Stage5"

Windows immediately shut down

During the shut down I received an error message "...Application error...FS....exe"

I receive the BSOD with pertinent language as follows: [IRQL_NOT_LESS_OR_EQUAL]...Technical information: ***STOP:0X0000000A(0X00000000, 0X0000001C, 0X00000001, 0X804FB03C) Dump physical memory (I took a photo of the screen if needed)

I cold started the PC to eliminate the BSOD

Upon Windows starting I received two (2) error messages: Windows detected a serious error upon starting, Malware within spooldr.sys..... (I have screen captures saved to a MSWord document if needed)

I have not continued any further

Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 18, 2010, 06:56:17 AM
Ok. I tried the link and it did the same for me. I'll have to check this out along with the BSOD problem. I'll get back to you quite soon, if possible.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 18, 2010, 08:14:03 AM
Thanks again!
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 18, 2010, 06:12:09 PM
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs to be scanned, they must be done separately and logs posted for each one.)

* Copy the file path in the below Code box:

Code:
c:\windows\system32\corpol.dll
 

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
========================
Let's see if ComboFix will run on its own without the script.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts. (you will receive a UAC prompt, please allow it)

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see  How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 18, 2010, 07:18:27 PM
here is the URL for the online scan:

http://virusscan.jotti.org/en/scanresult/b30f112c7e808c62cfc6494184bf7a0a6c013b87

I attempted to run ComboFix and here's what happened:

Windows shuts down
Application error: FWServ.exe "0x00F8ce56"...
PC reboots (no BSOD)
I initiate ComboFix (again) I am prompted to update and I do so
Nothing happens, I initiate ComboFix (again) nothing happens
I check my task manager and no applications are running
I run a HijackThis scan

log appears below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:50 PM, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\ComboFix\CF7615.cfxxe
C:\32788R22FWJFW\cmd.cfxxe
C:\32788R22FWJFW\handle.cfxxe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269719756937
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: dlci_device -   - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7792 bytes
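The HijackThis log above is the kind of listing a helper reads by eye: R0/R1 lines for browser start, search and proxy settings, O2/O3 for BHOs and toolbars, O4 for autoruns, O20 for Winlogon Notify DLLs and O23 for services. As an added example that is not part of this thread and not a HijackThis feature, the following Python script applies a few of those checks mechanically: a proxy pointing at loopback (the `http=127.0.0.1:5555` setting the earlier CFScript removed), start or search pages off microsoft.com, BHOs/toolbars outside a small list of recognised vendor directories, autoruns launched from user-writable paths, Winlogon Notify DLLs not on an allowlist, and services with an empty publisher field. The sample log is constructed for the example: most lines mirror formats seen in the thread, while the ProxyServer line, the `[updater]` Run entry and the `xyzabc` Winlogon entry are invented to exercise the rules. The vendor and allowlist tables are assumptions for illustration, not a vetted whitelist.

```python
import re
from typing import Dict, List

# Constructed sample HijackThis log (formats as seen in the thread; the ProxyServer
# line, the [updater] Run entry and the xyzabc Winlogon entry are invented).
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Patrick\Local Settings\Temp\svchost.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: xyzabc - C:\WINDOWS\system32\xyzabc.dll
O23 - Service: dlci_device -   - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# Assumed allowlists for illustration only; a real triage would use a maintained list.
TRUSTED_VENDOR_DIRS = ("\\avg\\", "\\java\\", "\\superantispyware\\", "\\microsoft")
USER_WRITABLE_DIRS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
KNOWN_WINLOGON_NOTIFY = {"!saswinlogon", "avgrsstarter"}


def _proxy_hosts(value: str) -> List[str]:
    """'http=127.0.0.1:5555;https=host:443' or 'host:8080' -> list of host names."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if "=" in entry:                      # per-protocol form: proto=host:port
            entry = entry.split("=", 1)[1]
        hosts.append(entry.rsplit(":", 1)[0].strip().lower())
    return hosts


def _is_loopback(host: str) -> bool:
    return host == "localhost" or host.startswith("127.")


def triage_hjt(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious HijackThis line, in log order."""
    findings: List[Dict[str, str]] = []

    def flag(kind: str, severity: str, reason: str, line: str) -> None:
        findings.append({"kind": kind, "severity": severity, "reason": reason, "line": line})

    for line in log_text.splitlines():
        line = line.strip()
        if " - " not in line:
            continue
        kind, _, rest = line.partition(" - ")
        low = rest.lower()
        # Fields after the entry type are separated by " - "; the last one is the path.
        parts = [p.strip() for p in rest.split(" - ")]
        path = parts[-1].lower()

        if kind in ("R0", "R1"):
            if "proxyserver" in low:
                value = rest.split("=", 1)[1] if "=" in rest else ""
                if any(_is_loopback(h) for h in _proxy_hosts(value)):
                    flag(kind, "high", "browser proxied through loopback (local redirector)", line)
            else:
                m = re.search(r"https?://([^/\s]+)", rest)
                if m and not m.group(1).lower().endswith("microsoft.com"):
                    flag(kind, "medium", "start/search page changed from Microsoft default", line)

        elif kind in ("O2", "O3"):
            if not any(v in path for v in TRUSTED_VENDOR_DIRS):
                flag(kind, "medium", "BHO/toolbar from unrecognised vendor directory", line)

        elif kind == "O4":
            if any(d in path for d in USER_WRITABLE_DIRS):
                flag(kind, "high", "autorun launched from a user-writable location", line)

        elif kind == "O20":
            name = rest.split(":", 1)[1].split(" - ")[0].strip().lower()
            if name not in KNOWN_WINLOGON_NOTIFY:
                flag(kind, "high", "Winlogon Notify DLL not on allowlist", line)

        elif kind == "O23":
            vendor = parts[-2] if len(parts) >= 3 else ""
            if not vendor:
                flag(kind, "low", "service with empty publisher string", line)

    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_HJT_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['kind']}: {f['reason']}\n         {f['line']}")
    print(summarize(results))
```

The script is a reading aid, not a verdict: a hit on the free-downloads.net toolbar or on a service with a blank publisher (the Dell printer service here) means "verify the publisher", while a loopback proxy or an autorun from a Temp folder is what a helper would act on first. Run it on a saved log with `triage_hjt(open("hijackthis.log").read())`.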
Title: Re: desparately seeking assistance to remove trojan virus
Post by: evilfantasy on April 18, 2010, 07:32:37 PM
Shut down PC Tools Firewall Plus and then try ComboFix again. If it will not turn off then uninstall it until you are done cleaning.

Be sure to restart the computer before running ComboFix.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: kristain on April 19, 2010, 01:59:06 AM
EDITED.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 23, 2010, 02:32:27 PM
OK, I disabled PC Tools Firewall and reran the CFScript. It ran, and then attempted to shut Windows down. It "kinda" locked up: no display, and it definitely did not reboot (as it indicated); however, no BSOD. I did a cold shut down after about 15 minutes, and upon booting up ComboFix saved a log that appears below:

ComboFix 10-04-17.07 - Patrick 04/23/2010  16:04:24.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.582 [GMT -4:00]
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Patrick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\documents and settings\Patrick\udpcrawl.tmp"
"c:\windows\system32\corpol.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Patrick\Application Data\Azureus
c:\documents and settings\Patrick\Application Data\Azureus\.certs
c:\documents and settings\Patrick\Application Data\Azureus\.keystore
c:\documents and settings\Patrick\Application Data\Azureus\.lock
c:\documents and settings\Patrick\Application Data\Azureus\active\846D3C16576085E128B6CC886153006F952DE1EE.dat
c:\documents and settings\Patrick\Application Data\Azureus\azureus.config
c:\documents and settings\Patrick\Application Data\Azureus\azureus.statistics
c:\documents and settings\Patrick\Application Data\Azureus\devices.config
c:\documents and settings\Patrick\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Patrick\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Patrick\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Patrick\Application Data\Azureus\dht\version.dat
c:\documents and settings\Patrick\Application Data\Azureus\downloads.config
c:\documents and settings\Patrick\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Patrick\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Patrick\Application Data\Azureus\metasearch.config
c:\documents and settings\Patrick\Application Data\Azureus\net\pm_10796.dat
c:\documents and settings\Patrick\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Patrick\Application Data\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Patrick\Application Data\Azureus\tables.config
c:\documents and settings\Patrick\Application Data\Azureus\torrents\846D3C16576085E128B6CC886153006F952DE1EE[1].torrent
c:\documents and settings\Patrick\udpcrawl.tmp
c:\program files\WildTangent
c:\program files\WildTangent\Apps\GameChannel\Games\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6\options.dat
c:\program files\WildTangent\LicenseStores\WT\6DEEEEDF-6404-4f02-AE07-4F4CB1A3D5F6.wtlic
c:\program files\WildTangent\LicenseStores\WT\wt.sto

.
(((((((((((((((((((((((((   Files Created from 2010-03-23 to 2010-04-23  )))))))))))))))))))))))))))))))
.

2010-04-22 12:39 . 2010-04-22 12:39   242696   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-22 12:38 . 2010-04-22 12:38   1689952   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-11 23:14 . 2010-04-11 23:14   --------   d-----w-   c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com
2010-04-11 23:13 . 2010-04-11 23:13   --------   d-----w-   c:\program files\Collectorz.com
2010-04-11 21:11 . 2010-04-11 21:12   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Disk Explorer Professional 3
2010-04-11 20:46 . 2010-04-11 20:46   --------   d-----w-   c:\documents and settings\Patrick\.JavaHelp
2010-04-11 20:39 . 2010-04-11 20:50   --------   d-----w-   c:\documents and settings\Patrick\.jajuk
2010-04-11 20:37 . 2010-04-11 20:50   --------   d-----w-   c:\program files\Jajuk
2010-04-11 20:08 . 2010-04-11 20:24   --------   d-----w-   c:\program files\Media Catalog Studio
2010-04-11 19:59 . 2010-04-11 19:59   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Pmcc
2010-04-11 11:47 . 2010-04-11 11:47   1956656   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-11 11:47 . 2010-04-11 13:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2010-04-09 20:47 . 2010-04-09 20:47   4255072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-06 15:33 . 2010-04-06 15:33   4076824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-06 15:33 . 2010-04-06 15:33   2059544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-06 15:33 . 2010-04-06 15:33   1598744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-06 15:33 . 2010-04-06 15:33   1274136   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-06 15:33 . 2010-04-06 15:33   598296   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-06 15:33 . 2010-04-06 15:33   556824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-06 15:33 . 2010-04-06 15:33   459544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-06 15:33 . 2010-04-06 15:33   341272   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-06 15:33 . 2010-04-06 15:33   313112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-06 15:33 . 2010-04-06 15:33   301336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-06 15:33 . 2010-04-06 15:33   1515224   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-06 15:33 . 2010-04-06 15:33   1086744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-06 15:32 . 2010-04-06 15:32   813336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-06 15:32 . 2010-04-06 15:32   624920   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-06 15:32 . 2010-04-06 15:32   1038688   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-04 20:54 . 2010-04-04 20:54   --------   d-----w-   C:\desktopclean
2010-04-04 17:05 . 2010-04-04 17:05   --------   d-----w-   c:\documents and settings\Anna\Application Data\PCToolsFirewallPlus
2010-04-03 23:12 . 2010-04-03 23:12   --------   d-----w-   C:\$AVG
2010-04-03 22:59 . 2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-04-03 22:59 . 2010-04-22 12:39   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-04-03 22:59 . 2010-04-03 22:59   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-04-03 22:59 . 2010-04-03 22:59   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-04-03 22:59 . 2010-04-23 12:47   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-04-03 22:57 . 2010-04-03 22:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-04-03 22:27 . 2010-04-03 22:40   52224   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-03 22:26 . 2010-04-03 22:43   117760   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-03 22:24 . 2010-04-03 22:24   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-27 22:54 . 2010-03-27 22:55   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-27 22:53 . 2010-03-27 22:55   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-27 20:31 . 2010-03-27 20:31   --------   d-----w-   c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
2010-03-27 20:29 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-27 20:29 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-03-27 20:29 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-03-27 20:29 . 2010-03-27 20:29   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-03-27 20:29 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-27 20:29 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-03-27 20:29 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-27 20:29 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-03-27 20:29 . 2010-03-27 20:32   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-03-27 03:14 . 2010-03-27 19:28   --------   d-----w-   c:\program files\a-squared Free
2010-03-26 19:54 . 2010-03-26 19:55   --------   d-----w-   c:\program files\DVD Shrink

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 20:17 . 2006-12-20 16:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-04-18 12:57 . 2008-10-18 19:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-09 20:44 . 2008-11-27 19:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-04-04 17:56 . 2007-07-20 22:26   --------   d-----w-   c:\documents and settings\Patrick\Application Data\LimeWire
2010-04-03 22:39 . 2006-12-20 16:24   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-04-03 22:25 . 2008-11-27 19:41   --------   d-----w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com
2010-03-27 22:57 . 2010-03-27 20:29   120   ----a-w-   c:\documents and settings\Administrator\udpcrawl.tmp
2010-03-27 20:37 . 2009-10-23 13:57   --------   d-----w-   c:\program files\Panda Security
2010-03-27 18:12 . 2006-12-20 16:26   --------   d-----w-   c:\program files\Trend Micro
2010-03-26 21:05 . 2006-12-29 20:10   --------   d-----w-   c:\program files\Civil Series 2004
2010-03-21 14:45 . 2006-12-20 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2010-03-21 00:00 . 2008-08-09 11:39   --------   d-----w-   c:\program files\Security Task Manager
2010-03-20 20:33 . 2010-03-20 20:33   --------   d-----w-   c:\program files\AVG
2010-03-20 13:53 . 2009-01-19 20:09   --------   d-----w-   c:\program files\Postal2STP
2010-03-19 20:42 . 2010-01-17 18:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2010-03-19 18:29 . 2010-03-19 18:29   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Uniblue
2010-03-19 14:14 . 2010-01-10 00:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 02:50 . 2010-03-18 02:50   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Intermedia Software
2010-03-18 01:18 . 2010-03-18 01:18   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Digital Media Solutions
2010-03-14 04:01 . 2010-01-20 04:43   42   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedinstructor.dat
2010-03-14 03:17 . 2010-03-14 03:17   38   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedfolder.dat
2010-03-13 19:24 . 2010-03-13 19:24   54   ----a-w-   c:\documents and settings\Patrick\Application Data\MTC-savedfolder.dat
2010-03-11 12:38 . 2004-08-11 23:00   832512   ------w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 23:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 23:00   17408   ------w-   c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-11 23:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-11 23:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 16:51 . 2010-02-02 04:38   3247296   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-16 14:08 . 2004-08-11 23:00   2146304   ------w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59   2024448   ------w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 23:00   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 23:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
2010-01-22 22:12 . 2006-12-24 19:58   88   --sh--r-   c:\windows\system32\A97C080420.sys
2010-01-22 22:12 . 2006-12-24 19:58   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
1997-06-23 17:06 . 1997-06-23 17:06   287504   --sha-w-   c:\windows\system32\Msxbse35.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-04-11_19.18.27   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 20:17 . 2010-04-23 20:17   16384              c:\windows\temp\Perflib_Perfdata_598.dat
+ 2010-04-23 20:16 . 2010-04-23 20:16   16384              c:\windows\temp\Perflib_Perfdata_4d0.dat
+ 2010-01-13 14:01 . 2010-01-13 14:01   86016              c:\windows\system32\dllcache\cabview.dll
+ 2004-08-11 23:00 . 2010-01-13 14:01   86016              c:\windows\system32\cabview.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   21504              c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\d5f6c4ddc906680d085f6e6a76246b19\TVM.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   68608              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\4108fbcfcb9c25c35a98fa51aa4a45b4\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2004-08-11 23:00 . 2009-12-24 06:59   177664              c:\windows\system32\wintrust.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59   177664              c:\windows\system32\dllcache\wintrust.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09   430080              c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53   430080              c:\windows\system32\dllcache\vbscript.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02   226880              c:\windows\system32\dllcache\tcpip6.sys
+ 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-02-12 04:33 . 2010-02-12 04:33   100864              c:\windows\system32\dllcache\6to4svc.dll
+ 2010-03-18 01:18 . 2003-08-26 20:03   757760              c:\windows\system32\CDDBUI.dll
+ 2010-03-18 01:18 . 2003-08-26 20:01   630784              c:\windows\system32\CDDBControl.dll
+ 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-11 23:21 . 2010-04-11 23:21   656384              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\a1d5c654e44f6641673fc184784bd694\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-11 23:21 . 2010-04-11 23:21   4153344              c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\90187d61a7bc5ba56307c85d2d93c418\ttax.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   1323520              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\99639ace6996426854e3ce6cd8b1ffcb\Intuit.Ctg.Map.ni.dll
+ 2007-12-25 12:23 . 2010-04-06 17:52   31971272              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 18:46   1510424   ----a-w-   c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-09 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 430080]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1172251831\ee\AOLSoftware.exe" [2006-09-26 50736]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-03 22:43   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 6:59 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 6:59 PM 242896]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/27/2010 4:29 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 6:58 PM 308064]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/27/2010 4:29 PM 88040]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/27/2010 4:29 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/27/2010 4:29 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/27/2010 4:29 PM 115216]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 16:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  NoActiveDesktopChanges = 3F 00 00 00
  NoActiveDesktop = 63
  NoSaveSettings = 63
  ClassicShell = 63

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmy.sys hal.dll >>UNKNOWN [0x86D86944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7508f28
\Driver\ACPI -> ACPI.sys @ 0xf7285cb8
\Driver\iaStor -> iaStor.sys @ 0xf71aa150
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82566DC Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf706ebb0
 PacketIndicateHandler -> NDIS.sys @ 0xf707ba21
 SendHandler -> NDIS.sys @ 0xf705987b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1480)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dlcicoms.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-04-23  16:20:27 - machine was rebooted
ComboFix-quarantined-files.txt  2010-04-23 20:20
ComboFix2.txt  2010-04-17 21:29
ComboFix3.txt  2010-04-11 19:19

Pre-Run: 121,341,382,656 bytes free
Post-Run: 121,375,903,744 bytes free

- - End Of File - - E7D6B248365BA7D36FD230199CB4AB76


I then reran HijackThis and the log appears below:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:37 PM, on 4/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172251831\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269719756937
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: dlci_device -   - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7623 bytes
 
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 23, 2010, 07:22:32 PM
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs to be scanned, they must be done separately and logs posted for each one.)

* Copy the file path in the below Code box:

Code:
c:\windows\system32\A97C080420.sys
 

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

===============================

Download this << file >> (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) & extract TDSSKiller.exe onto your Desktop

Then create this batch file to be placed next to TDSSKiller

=====

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
Code:
@ECHO OFF
REM Run TDSSKiller, wait for it to finish, and write a verbose log to Logit.txt
START /WAIT TDSSKILLER.exe -l Logit.txt -v
REM Open the log in the default text editor
START Logit.txt
REM Delete this batch file once it has run
del %0
Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this: (http://i266.photobucket.com/albums/ii277/sUBs_/bat_icon.gif)
Double click on fix.bat & allow it to run

Please post back to tell me what it says.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 24, 2010, 04:16:19 PM
Here is the URL for the online scan:

http://virusscan.jotti.org/en/scanresult/86438881b71ec64f9c22cfb8777d9e9066d29311/432e806b28258eb274967ffee3ca74f2577e391a

and the Logit.txt file from the batch file:

18:17:40:281 1320   TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
18:17:40:281 1320   ================================================================================
18:17:40:281 1320   SystemInfo:

18:17:40:281 1320   OS Version: 5.1.2600 ServicePack: 3.0
18:17:40:281 1320   Product type: Workstation
18:17:40:281 1320   ComputerName: FAMILYROOM
18:17:40:281 1320   UserName: Patrick
18:17:40:281 1320   Windows directory: C:\WINDOWS
18:17:40:281 1320   Processor architecture: Intel x86
18:17:40:281 1320   Number of processors: 2
18:17:40:281 1320   Page size: 0x1000
18:17:40:281 1320   Boot type: Normal boot
18:17:40:281 1320   ================================================================================
18:17:40:281 1320   UnloadDriverW: NtUnloadDriver error 2
18:17:40:281 1320   ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:17:40:328 1320   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:17:40:328 1320   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:17:40:328 1320   wfopen_ex: Trying to KLMD file open
18:17:40:328 1320   wfopen_ex: File opened ok (Flags 2)
18:17:40:328 1320   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:17:40:328 1320   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:17:40:328 1320   wfopen_ex: Trying to KLMD file open
18:17:40:328 1320   wfopen_ex: File opened ok (Flags 2)
18:17:40:328 1320   Initialize success
18:17:40:328 1320   
18:17:40:328 1320   Scanning   Services ...
18:17:40:375 1320   Raw services enum returned 371 services
18:17:40:390 1320   
18:17:40:390 1320   Scanning   Kernel memory ...
18:17:40:390 1320   Devices to scan: 5
18:17:40:390 1320   
18:17:40:390 1320   Driver Name: Disk
18:17:40:390 1320   IRP_MJ_CREATE                      : F750ABB0
18:17:40:390 1320   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
18:17:40:390 1320   IRP_MJ_CLOSE                       : F750ABB0
18:17:40:390 1320   IRP_MJ_READ                        : F7504D1F
18:17:40:390 1320   IRP_MJ_WRITE                       : F7504D1F
18:17:40:390 1320   IRP_MJ_QUERY_INFORMATION           : 804F4562
18:17:40:406 1320   IRP_MJ_SET_INFORMATION             : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_EA                    : 804F4562
18:17:40:406 1320   IRP_MJ_SET_EA                      : 804F4562
18:17:40:406 1320   IRP_MJ_FLUSH_BUFFERS               : F75052E2
18:17:40:406 1320   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
18:17:40:406 1320   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
18:17:40:406 1320   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
18:17:40:406 1320   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
18:17:40:406 1320   IRP_MJ_DEVICE_CONTROL              : F75053BB
18:17:40:406 1320   IRP_MJ_INTERNAL_DEVICE_CONTROL     : F7508F28
18:17:40:406 1320   IRP_MJ_SHUTDOWN                    : F75052E2
18:17:40:406 1320   IRP_MJ_LOCK_CONTROL                : 804F4562
18:17:40:406 1320   IRP_MJ_CLEANUP                     : 804F4562
18:17:40:406 1320   IRP_MJ_CREATE_MAILSLOT             : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_SECURITY              : 804F4562
18:17:40:406 1320   IRP_MJ_SET_SECURITY                : 804F4562
18:17:40:406 1320   IRP_MJ_POWER                       : F7506C82
18:17:40:406 1320   IRP_MJ_SYSTEM_CONTROL              : F750B99E
18:17:40:406 1320   IRP_MJ_DEVICE_CHANGE               : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_QUOTA                 : 804F4562
18:17:40:406 1320   IRP_MJ_SET_QUOTA                   : 804F4562
18:17:40:406 1320   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:17:40:406 1320   
18:17:40:406 1320   Driver Name: Disk
18:17:40:406 1320   IRP_MJ_CREATE                      : F750ABB0
18:17:40:406 1320   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
18:17:40:406 1320   IRP_MJ_CLOSE                       : F750ABB0
18:17:40:406 1320   IRP_MJ_READ                        : F7504D1F
18:17:40:406 1320   IRP_MJ_WRITE                       : F7504D1F
18:17:40:406 1320   IRP_MJ_QUERY_INFORMATION           : 804F4562
18:17:40:406 1320   IRP_MJ_SET_INFORMATION             : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_EA                    : 804F4562
18:17:40:406 1320   IRP_MJ_SET_EA                      : 804F4562
18:17:40:406 1320   IRP_MJ_FLUSH_BUFFERS               : F75052E2
18:17:40:406 1320   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
18:17:40:406 1320   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
18:17:40:406 1320   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
18:17:40:406 1320   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
18:17:40:406 1320   IRP_MJ_DEVICE_CONTROL              : F75053BB
18:17:40:406 1320   IRP_MJ_INTERNAL_DEVICE_CONTROL     : F7508F28
18:17:40:406 1320   IRP_MJ_SHUTDOWN                    : F75052E2
18:17:40:406 1320   IRP_MJ_LOCK_CONTROL                : 804F4562
18:17:40:406 1320   IRP_MJ_CLEANUP                     : 804F4562
18:17:40:406 1320   IRP_MJ_CREATE_MAILSLOT             : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_SECURITY              : 804F4562
18:17:40:406 1320   IRP_MJ_SET_SECURITY                : 804F4562
18:17:40:406 1320   IRP_MJ_POWER                       : F7506C82
18:17:40:406 1320   IRP_MJ_SYSTEM_CONTROL              : F750B99E
18:17:40:406 1320   IRP_MJ_DEVICE_CHANGE               : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_QUOTA                 : 804F4562
18:17:40:406 1320   IRP_MJ_SET_QUOTA                   : 804F4562
18:17:40:406 1320   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:17:40:406 1320   
18:17:40:406 1320   Driver Name: Disk
18:17:40:406 1320   IRP_MJ_CREATE                      : F750ABB0
18:17:40:406 1320   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
18:17:40:406 1320   IRP_MJ_CLOSE                       : F750ABB0
18:17:40:406 1320   IRP_MJ_READ                        : F7504D1F
18:17:40:406 1320   IRP_MJ_WRITE                       : F7504D1F
18:17:40:406 1320   IRP_MJ_QUERY_INFORMATION           : 804F4562
18:17:40:406 1320   IRP_MJ_SET_INFORMATION             : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_EA                    : 804F4562
18:17:40:406 1320   IRP_MJ_SET_EA                      : 804F4562
18:17:40:406 1320   IRP_MJ_FLUSH_BUFFERS               : F75052E2
18:17:40:406 1320   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
18:17:40:406 1320   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
18:17:40:406 1320   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
18:17:40:406 1320   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
18:17:40:406 1320   IRP_MJ_DEVICE_CONTROL              : F75053BB
18:17:40:406 1320   IRP_MJ_INTERNAL_DEVICE_CONTROL     : F7508F28
18:17:40:406 1320   IRP_MJ_SHUTDOWN                    : F75052E2
18:17:40:406 1320   IRP_MJ_LOCK_CONTROL                : 804F4562
18:17:40:406 1320   IRP_MJ_CLEANUP                     : 804F4562
18:17:40:406 1320   IRP_MJ_CREATE_MAILSLOT             : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_SECURITY              : 804F4562
18:17:40:406 1320   IRP_MJ_SET_SECURITY                : 804F4562
18:17:40:406 1320   IRP_MJ_POWER                       : F7506C82
18:17:40:406 1320   IRP_MJ_SYSTEM_CONTROL              : F750B99E
18:17:40:406 1320   IRP_MJ_DEVICE_CHANGE               : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_QUOTA                 : 804F4562
18:17:40:406 1320   IRP_MJ_SET_QUOTA                   : 804F4562
18:17:40:406 1320   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:17:40:406 1320   
18:17:40:406 1320   Driver Name: Disk
18:17:40:406 1320   IRP_MJ_CREATE                      : F750ABB0
18:17:40:406 1320   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
18:17:40:406 1320   IRP_MJ_CLOSE                       : F750ABB0
18:17:40:406 1320   IRP_MJ_READ                        : F7504D1F
18:17:40:406 1320   IRP_MJ_WRITE                       : F7504D1F
18:17:40:406 1320   IRP_MJ_QUERY_INFORMATION           : 804F4562
18:17:40:406 1320   IRP_MJ_SET_INFORMATION             : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_EA                    : 804F4562
18:17:40:406 1320   IRP_MJ_SET_EA                      : 804F4562
18:17:40:406 1320   IRP_MJ_FLUSH_BUFFERS               : F75052E2
18:17:40:406 1320   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
18:17:40:406 1320   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
18:17:40:406 1320   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
18:17:40:406 1320   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
18:17:40:406 1320   IRP_MJ_DEVICE_CONTROL              : F75053BB
18:17:40:406 1320   IRP_MJ_INTERNAL_DEVICE_CONTROL     : F7508F28
18:17:40:406 1320   IRP_MJ_SHUTDOWN                    : F75052E2
18:17:40:406 1320   IRP_MJ_LOCK_CONTROL                : 804F4562
18:17:40:406 1320   IRP_MJ_CLEANUP                     : 804F4562
18:17:40:406 1320   IRP_MJ_CREATE_MAILSLOT             : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_SECURITY              : 804F4562
18:17:40:406 1320   IRP_MJ_SET_SECURITY                : 804F4562
18:17:40:406 1320   IRP_MJ_POWER                       : F7506C82
18:17:40:406 1320   IRP_MJ_SYSTEM_CONTROL              : F750B99E
18:17:40:406 1320   IRP_MJ_DEVICE_CHANGE               : 804F4562
18:17:40:406 1320   IRP_MJ_QUERY_QUOTA                 : 804F4562
18:17:40:406 1320   IRP_MJ_SET_QUOTA                   : 804F4562
18:17:40:421 1320   C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:17:40:421 1320   
18:17:40:421 1320   Driver Name: iaStor
18:17:40:421 1320   IRP_MJ_CREATE                      : F71AA150
18:17:40:421 1320   IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
18:17:40:421 1320   IRP_MJ_CLOSE                       : F71AA150
18:17:40:421 1320   IRP_MJ_READ                        : 804F4562
18:17:40:421 1320   IRP_MJ_WRITE                       : 804F4562
18:17:40:421 1320   IRP_MJ_QUERY_INFORMATION           : 804F4562
18:17:40:421 1320   IRP_MJ_SET_INFORMATION             : 804F4562
18:17:40:421 1320   IRP_MJ_QUERY_EA                    : 804F4562
18:17:40:421 1320   IRP_MJ_SET_EA                      : 804F4562
18:17:40:421 1320   IRP_MJ_FLUSH_BUFFERS               : 804F4562
18:17:40:421 1320   IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
18:17:40:421 1320   IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
18:17:40:421 1320   IRP_MJ_DIRECTORY_CONTROL           : 804F4562
18:17:40:421 1320   IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
18:17:40:421 1320   IRP_MJ_DEVICE_CONTROL              : F71AA150
18:17:40:421 1320   IRP_MJ_INTERNAL_DEVICE_CONTROL     : F71AA150
18:17:40:421 1320   IRP_MJ_SHUTDOWN                    : 804F4562
18:17:40:421 1320   IRP_MJ_LOCK_CONTROL                : 804F4562
18:17:40:421 1320   IRP_MJ_CLEANUP                     : 804F4562
18:17:40:421 1320   IRP_MJ_CREATE_MAILSLOT             : 804F4562
18:17:40:421 1320   IRP_MJ_QUERY_SECURITY              : 804F4562
18:17:40:421 1320   IRP_MJ_SET_SECURITY                : 804F4562
18:17:40:421 1320   IRP_MJ_POWER                       : F71AA150
18:17:40:421 1320   IRP_MJ_SYSTEM_CONTROL              : F71AA150
18:17:40:421 1320   IRP_MJ_DEVICE_CHANGE               : 804F4562
18:17:40:421 1320   IRP_MJ_QUERY_QUOTA                 : 804F4562
18:17:40:421 1320   IRP_MJ_SET_QUOTA                   : 804F4562
18:17:40:421 1320   C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: 1
18:17:40:421 1320   
18:17:40:421 1320   Completed
18:17:40:421 1320   
18:17:40:421 1320   Results:
18:17:40:421 1320   Memory objects infected / cured / cured on reboot:   0 / 0 / 0
18:17:40:421 1320   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
18:17:40:421 1320   File objects infected / cured / cured on reboot:   0 / 0 / 0
18:17:40:421 1320   
18:17:40:421 1320   fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:17:40:421 1320   fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:17:40:421 1320   KLMD(ARK) unloaded successfully
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 24, 2010, 06:21:52 PM
Could you please run ComboFix again and get me the log. Don't forget to disable your AV and Firewall and to re-enable them afterwards.
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 24, 2010, 08:02:51 PM
ComboFix 10-04-17.07 - Patrick 04/24/2010  21:38:20.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.598 [GMT -4:00]
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Patrick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\documents and settings\Patrick\udpcrawl.tmp"
"c:\windows\system32\corpol.dll"
.

(((((((((((((((((((((((((   Files Created from 2010-03-25 to 2010-04-25  )))))))))))))))))))))))))))))))
.

2010-04-22 12:39 . 2010-04-22 12:39   242696   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-22 12:38 . 2010-04-22 12:38   1689952   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-11 23:14 . 2010-04-11 23:14   --------   d-----w-   c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com
2010-04-11 23:13 . 2010-04-11 23:13   --------   d-----w-   c:\program files\Collectorz.com
2010-04-11 21:11 . 2010-04-11 21:12   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Disk Explorer Professional 3
2010-04-11 20:46 . 2010-04-11 20:46   --------   d-----w-   c:\documents and settings\Patrick\.JavaHelp
2010-04-11 20:39 . 2010-04-11 20:50   --------   d-----w-   c:\documents and settings\Patrick\.jajuk
2010-04-11 20:37 . 2010-04-11 20:50   --------   d-----w-   c:\program files\Jajuk
2010-04-11 20:08 . 2010-04-11 20:24   --------   d-----w-   c:\program files\Media Catalog Studio
2010-04-11 19:59 . 2010-04-11 19:59   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Pmcc
2010-04-11 11:47 . 2010-04-11 11:47   1956656   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-11 11:47 . 2010-04-11 13:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2010-04-09 20:47 . 2010-04-09 20:47   4255072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-06 15:33 . 2010-04-06 15:33   4076824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-06 15:33 . 2010-04-06 15:33   2059544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-06 15:33 . 2010-04-06 15:33   1598744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-06 15:33 . 2010-04-06 15:33   1274136   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-06 15:33 . 2010-04-06 15:33   598296   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-06 15:33 . 2010-04-06 15:33   556824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-06 15:33 . 2010-04-06 15:33   459544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-06 15:33 . 2010-04-06 15:33   341272   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-06 15:33 . 2010-04-06 15:33   313112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-06 15:33 . 2010-04-06 15:33   301336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-06 15:33 . 2010-04-06 15:33   1515224   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-06 15:33 . 2010-04-06 15:33   1086744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-06 15:32 . 2010-04-06 15:32   813336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-06 15:32 . 2010-04-06 15:32   624920   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-06 15:32 . 2010-04-06 15:32   1038688   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-04 20:54 . 2010-04-04 20:54   --------   d-----w-   C:\desktopclean
2010-04-04 17:05 . 2010-04-04 17:05   --------   d-----w-   c:\documents and settings\Anna\Application Data\PCToolsFirewallPlus
2010-04-03 23:12 . 2010-04-03 23:12   --------   d-----w-   C:\$AVG
2010-04-03 22:59 . 2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-04-03 22:59 . 2010-04-22 12:39   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-04-03 22:59 . 2010-04-03 22:59   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-04-03 22:59 . 2010-04-03 22:59   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-04-03 22:59 . 2010-04-24 22:26   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-04-03 22:57 . 2010-04-03 22:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-04-03 22:27 . 2010-04-03 22:40   52224   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-03 22:26 . 2010-04-03 22:43   117760   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-03 22:24 . 2010-04-03 22:24   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-27 22:54 . 2010-03-27 22:55   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-27 22:53 . 2010-03-27 22:55   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-27 20:31 . 2010-03-27 20:31   --------   d-----w-   c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
2010-03-27 20:29 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-27 20:29 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-03-27 20:29 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-03-27 20:29 . 2010-03-27 20:29   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-03-27 20:29 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-27 20:29 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-03-27 20:29 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-27 20:29 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-03-27 20:29 . 2010-03-27 20:32   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-03-27 03:14 . 2010-03-27 19:28   --------   d-----w-   c:\program files\a-squared Free
2010-03-26 19:54 . 2010-03-26 19:55   --------   d-----w-   c:\program files\DVD Shrink

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 02:01 . 2006-12-20 16:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-04-18 12:57 . 2008-10-18 19:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-09 20:44 . 2008-11-27 19:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-04-04 17:56 . 2007-07-20 22:26   --------   d-----w-   c:\documents and settings\Patrick\Application Data\LimeWire
2010-04-03 22:39 . 2006-12-20 16:24   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-04-03 22:25 . 2008-11-27 19:41   --------   d-----w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com
2010-03-27 22:57 . 2010-03-27 20:29   120   ----a-w-   c:\documents and settings\Administrator\udpcrawl.tmp
2010-03-27 20:37 . 2009-10-23 13:57   --------   d-----w-   c:\program files\Panda Security
2010-03-27 18:12 . 2006-12-20 16:26   --------   d-----w-   c:\program files\Trend Micro
2010-03-26 21:05 . 2006-12-29 20:10   --------   d-----w-   c:\program files\Civil Series 2004
2010-03-21 14:45 . 2006-12-20 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2010-03-21 00:00 . 2008-08-09 11:39   --------   d-----w-   c:\program files\Security Task Manager
2010-03-20 20:33 . 2010-03-20 20:33   --------   d-----w-   c:\program files\AVG
2010-03-20 13:53 . 2009-01-19 20:09   --------   d-----w-   c:\program files\Postal2STP
2010-03-19 20:42 . 2010-01-17 18:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2010-03-19 18:29 . 2010-03-19 18:29   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Uniblue
2010-03-19 14:14 . 2010-01-10 00:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 02:50 . 2010-03-18 02:50   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Intermedia Software
2010-03-18 01:18 . 2010-03-18 01:18   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Digital Media Solutions
2010-03-14 04:01 . 2010-01-20 04:43   42   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedinstructor.dat
2010-03-14 03:17 . 2010-03-14 03:17   38   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedfolder.dat
2010-03-13 19:24 . 2010-03-13 19:24   54   ----a-w-   c:\documents and settings\Patrick\Application Data\MTC-savedfolder.dat
2010-03-11 12:38 . 2004-08-11 23:00   832512   ------w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 23:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 23:00   17408   ------w-   c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-11 23:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-11 23:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 16:51 . 2010-02-02 04:38   3247296   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-16 14:08 . 2004-08-11 23:00   2146304   ------w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59   2024448   ------w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 23:00   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 23:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
2010-01-22 22:12 . 2006-12-24 19:58   88   --sh--r-   c:\windows\system32\A97C080420.sys
2010-01-22 22:12 . 2006-12-24 19:58   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
1997-06-23 17:06 . 1997-06-23 17:06   287504   --sha-w-   c:\windows\system32\Msxbse35.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-04-11_19.18.27   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 01:43 . 2010-04-25 01:43   16384              c:\windows\temp\Perflib_Perfdata_204.dat
+ 2010-04-25 01:43 . 2010-04-25 01:43   16384              c:\windows\temp\Perflib_Perfdata_198.dat
+ 2010-01-13 14:01 . 2010-01-13 14:01   86016              c:\windows\system32\dllcache\cabview.dll
+ 2004-08-11 23:00 . 2010-01-13 14:01   86016              c:\windows\system32\cabview.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   21504              c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\d5f6c4ddc906680d085f6e6a76246b19\TVM.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   68608              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\4108fbcfcb9c25c35a98fa51aa4a45b4\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2004-08-11 23:00 . 2009-12-24 06:59   177664              c:\windows\system32\wintrust.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59   177664              c:\windows\system32\dllcache\wintrust.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09   430080              c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53   430080              c:\windows\system32\dllcache\vbscript.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02   226880              c:\windows\system32\dllcache\tcpip6.sys
+ 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-02-12 04:33 . 2010-02-12 04:33   100864              c:\windows\system32\dllcache\6to4svc.dll
+ 2010-03-18 01:18 . 2003-08-26 20:03   757760              c:\windows\system32\CDDBUI.dll
+ 2010-03-18 01:18 . 2003-08-26 20:01   630784              c:\windows\system32\CDDBControl.dll
+ 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-11 23:21 . 2010-04-11 23:21   656384              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\a1d5c654e44f6641673fc184784bd694\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-11 23:21 . 2010-04-11 23:21   4153344              c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\90187d61a7bc5ba56307c85d2d93c418\ttax.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   1323520              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\99639ace6996426854e3ce6cd8b1ffcb\Intuit.Ctg.Map.ni.dll
+ 2007-12-25 12:23 . 2010-04-06 17:52   31971272              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 18:46   1510424   ----a-w-   c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-09 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 430080]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1172251831\ee\AOLSoftware.exe" [2006-09-26 50736]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-03 22:43   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 6:59 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 6:59 PM 242896]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/27/2010 4:29 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 6:58 PM 308064]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/27/2010 4:29 PM 88040]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/27/2010 4:29 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/27/2010 4:29 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/27/2010 4:29 PM 115216]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  NoActiveDesktopChanges = 3F 00 00 00
  NoActiveDesktop = 63
  NoSaveSettings = 63
  ClassicShell = 63

scanning hidden files ... 

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1480)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(340)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\dlcicoms.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-04-24  22:03:11 - machine was rebooted
ComboFix-quarantined-files.txt  2010-04-25 02:03
ComboFix2.txt  2010-04-23 20:20
ComboFix3.txt  2010-04-17 21:29
ComboFix4.txt  2010-04-11 19:19

Pre-Run: 121,364,553,728 bytes free
Post-Run: 121,385,558,016 bytes free

- - End Of File - - 431618CA79C8B3B0C594C070898155DB
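The log above is long enough that reading it by eye is error-prone. The following is an added example (not ComboFix's own code and not part of this thread) of a small Python parser for the two line shapes that appear in the file-listing sections of the log: the `created . modified  size  attrs  path` lines of the "Files Created" and "Find3M Report" sections, and the `+`/`-` prefixed lines of the "SnapShot" diff. The regexes are my reading of the format as it appears in the lines above, and the sample text is a handful of lines excerpted from this log. The helpers pick out the things a log reviewer looks at first: files carrying the hidden or system attribute, and files that were overwritten between snapshots (a path that shows up both as `-` and `+`).

```python
"""Parse the file-listing sections of a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Timestamp as printed by ComboFix: "2010-04-03 22:59"
STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"

# Section banner: "((((((   Find3M Report   ))))))"
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")

# File line: created . modified   <size or -------->   <8-char attrs>   path
# (the STAMP pattern is spliced in; the quantifier braces live in a plain raw string)
ENTRY_RE = re.compile(
    rf"^(?P<created>{STAMP}) \. (?P<modified>{STAMP})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)

# SnapShot diff line: +|- created . modified   size   path   (no attribute column)
SNAPSHOT_RE = re.compile(
    rf"^(?P<change>[+-]) (?P<created>{STAMP}) \. (?P<modified>{STAMP})\s+"
    r"(?P<size>\d+)\s+(?P<path>.+)$"
)


@dataclass
class Entry:
    section: str
    created: str
    modified: str
    size: Optional[int]      # None where ComboFix prints "--------" (directories)
    attrs: str               # 8-char attribute string, "" for snapshot lines
    path: str
    change: str = ""         # "+" or "-" on snapshot diff lines, else ""

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_log(text: str) -> List[Entry]:
    """Walk the log line by line, tracking the current section banner."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = ENTRY_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(section, m["created"], m["modified"],
                                 size, m["attrs"], m["path"]))
            continue
        m = SNAPSHOT_RE.match(line)
        if m:
            entries.append(Entry(section, m["created"], m["modified"],
                                 int(m["size"]), "", m["path"], m["change"]))
    return entries


def flagged_attributes(entries: List[Entry]) -> List[Entry]:
    """Non-directory files with the hidden (h) or system (s) attribute set."""
    return [e for e in entries if e.attrs and not e.is_dir and (e.hidden or e.system)]


def snapshot_diff(entries: List[Entry]) -> Dict[str, List[str]]:
    """Paths added ('+') and removed ('-') since the previous ComboFix snapshot."""
    out: Dict[str, List[str]] = {"+": [], "-": []}
    for e in entries:
        if e.change:
            out[e.change].append(e.path)
    return out


def replaced_files(entries: List[Entry]) -> List[str]:
    """A path listed as both '-' and '+' was overwritten between snapshots."""
    diff = snapshot_diff(entries)
    return sorted(set(diff["+"]) & set(diff["-"]))


# Sample input: lines excerpted from the log above (Find3M and SnapShot sections).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 02:01 . 2006-12-20 16:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-04-03 22:59 . 2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-01-22 22:12 . 2006-12-24 19:58   88   --sh--r-   c:\windows\system32\A97C080420.sys
2010-01-22 22:12 . 2006-12-24 19:58   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((   SnapShot@2010-04-11_19.18.27   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 01:43 . 2010-04-25 01:43   16384              c:\windows\temp\Perflib_Perfdata_204.dat
+ 2008-05-09 10:53 . 2010-03-09 11:09   430080              c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53   430080              c:\windows\system32\dllcache\vbscript.dll
.
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for e in flagged_attributes(parsed):
        print("hidden/system:", e.attrs, e.path)
    for p in replaced_files(parsed):
        print("replaced between snapshots:", p)
```

Pointing `parse_log` at a whole saved ComboFix log gives a list that can be sorted by `modified`, grouped by `section`, or filtered by path prefix; the attribute and snapshot helpers only narrow the list to entries worth a second look, they do not judge a file good or bad.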
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 25, 2010, 05:36:25 PM
That log looks clean. How's your computer working now?
Title: Re: desparately seeking assistance to remove trojan virus
Post by: padraig on April 25, 2010, 06:34:55 PM
No error messages for about 8 days, speed is slightly better...more importantly I am much more aware of practices, firewall usage and tools available to repair things (i.e. registry changes).

Thanks for your patience over these few weeks and your follow up!

Sláinte!

 :D
Title: Re: desparately seeking assistance to remove trojan virus
Post by: SuperDave on April 26, 2010, 11:56:06 AM
That sounds good. If there are no other issues, it's time for some clean-up. You can uninstall HJT and delete TDSSKiller. You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis. There is also a very effective tool installed on your computer called MRT, installed by Microsoft. You can access it by going to Start, Run and typing in MRT.exe. It doesn't produce a log so that's why we don't use it on this forum, but I use it all the time on my computers.
===============================

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
================================
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web  (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!