My PC is down (Rootkit.TDSS) - Help please.

[Val2Read]

Here goes, LonnyRJ. I'm rebooting now to run MBAM.

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "C:\IBMTOOLS\DRIVERS\IMSM\IASTOR.SYS|C:\WINDOWS\system32\drivers\IASTOR.SYS" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

[Val2Read]

LonnyRJ - here's the MBAM log. The bug appears to be gone! THank you very much! Do you suggest any other cleanups I need to do on my PC?

Malwarebytes' Anti-Malware 1.41

Database version: 2834

Windows 5.1.2600 Service Pack 3

9/30/2009 3:51:14 PM

mbam-log-2009-09-30 (15-51-14).txt

Scan type: Quick Scan

Objects scanned: 112935

Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[Val2Read]

I also noticed that the google redirects have ceased, and bootup is much faster.

[LonnyRJ]

Great

Launch Notepad (Important, not wordpad or other third party text editor), and copy and paste the contents

of the code box below into a new text file. (dont include the word code)

Save it as file name: cfscript.txt

fcopy::
"C:\WINDOWS\system32\drivers\IASTOR.SYS" | "C:\IBMTOOLS\DRIVERS\IMSM\IASTOR.SYS"
killall::

As in the picture above drag and drop cfscript.txt onto combofix.exe

When it is finished a text will open, post it.

[Val2Read]

Great

Launch Notepad (Important, not wordpad or other third party text editor), and copy and paste the contents

of the code box below into a new text file. (dont include the word code)

Save it as file name: cfscript.txt

fcopy::
"C:\WINDOWS\system32\drivers\IASTOR.SYS" | "C:\IBMTOOLS\DRIVERS\IMSM\IASTOR.SYS"
killall::

As in the picture above drag and drop cfscript.txt onto combofix.exe

When it is finished a text will open, post it.

LonnyRJ - I got "installation failed". Then combofix started scanning, and after that rebooted by laptop. No text boxes opened, though.

[LonnyRJ]

Can you manualy copy that file to the other location ?

copy from (not delete or move) C:\WINDOWS\system32\drivers\IASTOR.SYS"

and place it in the imsm folder here "C:\IBMTOOLS\DRIVERS\IMSM\"

I'll check into the "installation failed". message

[Val2Read]

Can you manualy copy that file to the other location ?

copy from (not delete or move) C:\WINDOWS\system32\drivers\IASTOR.SYS"

and place it in the imsm folder here "C:\IBMTOOLS\DRIVERS\IMSM\"

I'll check into the "installation failed". message

LonnyRJ - copy and replace was successful.

[LonnyRJ]

The "installation failed". message is probaly becouse of not disabling COMODO Internet Security, BitDefender and SUPERAntiSpyware.

Disable them and try running combofix again please.

Not need to use the cfscript this time

[Val2Read]

The "installation failed". message is probaly becouse of not disabling COMODO Internet Security, BitDefender and SUPERAntiSpyware.

Disable them and try running combofix again please.

Not need to use the cfscript this time

I disabled Comodo, BitDefender and SuperAnti Spyware. But I still get the "Installation Failed" notice. Also I get another dialogue box telling me ComboFix has expired, to press "yes" for limited functionality, and "no" to exit.

[Val2Read]

LonnyRJ - should I just re-download ComboFix and run it again?

[LonnyRJ]

Yes please

delete the old copy first

[Val2Read]

LonnyRJ - here is the ComboFix log:

ComboFix 09-10-01.01 - 10/01/2009 22:59.5.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2459 [GMT -7:00]

Running from: c:\documents and settings\AA\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))

.

2009-09-30 23:09 . 2009-09-30 23:09 -------- d-----w- c:\windows\Sun

2009-09-30 23:08 . 2009-09-30 23:07 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-30 23:07 . 2009-09-30 23:07 -------- d-----w- c:\program files\Java

2009-09-20 21:48 . 2009-09-20 21:48 -------- d-----w- c:\program files\Trend Micro

2009-09-20 18:18 . 2009-09-20 18:18 -------- d-----w- c:\documents and settings\AA\Application Data\Bitdefender

2009-09-20 18:17 . 2009-09-20 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2009-09-19 23:40 . 2009-09-19 23:40 -------- d--ha-w- c:\windows\PIF

2009-09-13 03:05 . 2009-09-13 03:05 -------- d-----w- c:\program files\ePaperPress

2009-09-09 04:20 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-01 15:12 . 2008-03-08 09:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-01 15:11 . 2008-07-03 04:03 81984 ----a-w- c:\windows\system32\bdod.bin

2009-10-01 07:54 . 2008-12-11 14:44 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-10-01 07:49 . 2009-05-01 07:09 -------- d-----w- c:\program files\SpywareBlaster

2009-09-20 22:11 . 2008-06-13 23:33 -------- d-----w- c:\documents and settings\AA\Application Data\R-Wipe&Clean

2009-09-20 18:17 . 2008-05-18 07:33 -------- d-----w- c:\program files\Common Files\BitDefender

2009-09-20 09:11 . 2008-10-01 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\R-Wipe&Clean

2009-09-20 01:22 . 2008-12-11 08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-20 00:33 . 2009-06-29 04:38 179792 ----a-w- c:\windows\system32\guard32.dll

2009-09-20 00:33 . 2009-06-29 04:38 87104 ----a-w- c:\windows\system32\drivers\inspect.sys

2009-09-20 00:33 . 2009-06-29 04:38 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2009-09-20 00:33 . 2009-06-29 04:38 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2009-09-13 08:50 . 2008-02-08 09:18 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-10 21:54 . 2008-12-11 08:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 21:53 . 2008-12-11 08:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-09 06:45 . 2006-08-09 02:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-06 00:04 . 2008-08-01 20:06 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-31 04:51 . 2009-08-31 04:41 -------- d-----w- c:\program files\Topaz Labs

2009-08-30 18:59 . 2008-06-13 04:42 -------- d-----w- c:\program files\PurgeIE

2009-08-23 05:40 . 2006-08-16 06:17 -------- d---a-w- c:\documents and settings\AA\Application Data\Apple Computer

2009-08-22 21:16 . 2009-08-22 21:16 -------- d-----w- c:\documents and settings\AA\Application Data\Auto FX Software

2009-08-16 16:18 . 2009-07-04 06:00 110304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-07 01:08 . 2009-08-07 01:08 6456320 ----a-w- c:\windows\system32\tlidetail10.dll

2009-08-05 09:01 . 1980-01-01 07:00 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:01 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 1980-01-01 07:00 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-08 04:50 . 2006-07-04 21:28 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2009-07-06 03:17 . 2009-07-05 06:45 2639680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-09-22_10.37.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-01 15:12 . 2009-10-01 15:12 16384 c:\windows\temp\Perflib_Perfdata_7d8.dat

- 2006-08-04 19:02 . 2009-09-22 10:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2006-08-04 19:02 . 2009-09-30 22:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-05-25 07:10 . 2009-09-22 10:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-05-25 07:10 . 2009-09-30 22:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-09-30 23:08 . 2009-09-30 23:07 149280 c:\windows\system32\javaws.exe

+ 2009-09-30 23:08 . 2009-09-30 23:07 145184 c:\windows\system32\javaw.exe

+ 2009-09-30 23:08 . 2009-09-30 23:07 145184 c:\windows\system32\java.exe

+ 2009-09-30 23:07 . 2009-09-30 23:07 537600 c:\windows\Installer\1bb548.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-01 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-20 1799952]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]

"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-05 368640]

"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-10-01 07:54 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

2006-03-23 09:03 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^AA^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\AA\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register FocalPoint 1.0.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Register FocalPoint 1.0.lnk

backup=c:\windows\pss\Register FocalPoint 1.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk

backup=c:\windows\pss\Register Mask Pro 3.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ThinkVantage\\AMSG\\AMSG.EXE"=

"c:\\Program Files\\QuickTime\\QTTask.exe"=

"c:\\Program Files\\BitDefender\\BitDefender 2008\\bdagent.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [9/12/2003 3:19 PM 132899]

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [7/4/2006 2:03 PM 85760]

R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [5/18/2008 6:45 PM 127520]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/28/2009 9:38 PM 132296]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/28/2009 9:38 PM 25160]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [9/12/2003 3:48 PM 46810]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 74480]

R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [5/18/2008 6:45 PM 86560]

R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [7/4/2006 2:03 PM 4736]

R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [7/4/2006 2:30 PM 4442]

R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [12/19/2007 12:28 AM 417792]

R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 1:17 PM 439616]

R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [12/21/2005 5:14 PM 12544]

R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 1:11 PM 46142]

R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [5/18/2008 6:45 PM 1239584]

R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 4:45 PM 3968]

R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [5/18/2008 6:45 PM 69664]

R2 Workshare Protect Service;Workshare Protect Service;"c:\program files\Workshare\Modules\Workshare.Protect.Service.SvcHost.exe" [9/11/2008 6:06 PM 36864]

R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [3/9/2007 12:09 PM 25704]

R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [3/9/2007 12:16 PM 23400]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]

S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [7/29/2008 7:02 PM 26600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Workshare Professional 5.21.9652.292]

c:\program files\Workshare\Modules\WmConfigAssistant.exe /userinit

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Workshare Protect Client]

c:\program files\Workshare\Modules\Workshare.Protect.UserInit.exe

.

Contents of the 'Scheduled Tasks' folder

2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2009-09-01 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-07-04 08:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.cnn.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/us/en/

uInternet Settings,ProxyOverride = <local>

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx

DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://mickey.manatt.com/Exchweb/controls/DAX.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-01 23:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)

c:\windows\system32\guard32.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\tphklock.dll

c:\program files\Lenovo\AwayTask\AwayNotify.dll

c:\windows\system32\igfxdev.dll

c:\windows\system32\notifyf2.dll

- - - - - - - > 'lsass.exe'(1020)

c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(7852)

c:\windows\system32\WININET.dll

c:\windows\system32\PROCHLP.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-10-02 23:11

ComboFix-quarantined-files.txt 2009-10-02 06:11

ComboFix2.txt 2009-09-23 00:20

ComboFix3.txt 2009-09-22 10:47

Pre-Run: 2,568,777,728 bytes free

Post-Run: 2,554,884,096 bytes free

215 --- E O F --- 2009-09-09 06:49

[LonnyRJ]

Great

Uninstall combofix, to do so go start run type

combofix /u

press enter, you should see a confirmation message ?

In the furture do not run the tool without an analyst's supervision

Think Prevention: Put in place a good hosts file

http://www.mvps.org/winhelp2002/hosts.htm

Repeat that proccess about once or even twice a month

Are there any question's or current problems ?

[Val2Read]

Great

Uninstall combofix, to do so go start run type

combofix /u

press enter, you should see a confirmation message ?

In the furture do not run the tool without an analyst's supervision

Think Prevention: Put in place a good hosts file

http://www.mvps.org/winhelp2002/hosts.htm

Repeat that proccess about once or even twice a month

Are there any question's or current problems ?

Many many thanks LonnyRJ. You have been so patient and kind during this entire process. I will take your advice regarding the hosts file. My laptop now seems to run like it used to so here's hoping it stays that way. This is the first time I've ever been hit with this kind of a problem, so I'm very glad that it's been resolved - thanks to you.