Can't remove Fraud.XPAntivirus

[Willy_J]

Here is the HJT log for a problem posted under Software/Spybot "Spybot can't remove Fraud.XPAntivrus"

http://forums.spybot.info/showthread.php?t=33891

(Sorry - unsure how to create a link to the other post)

Cheers,
-Will.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:41 PM, on 8/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\zunypsrw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theage.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysHlpApl] C:\WINDOWS\system32\tedatkng.exe
O4 - HKCU\..\Run: [ChkSmart] C:\WINDOWS\system32\zunypsrw.exe
O4 - HKCU\..\Run: [dscwin] C:\WINDOWS\system32\rebczgfq.exe
O4 - HKLM\..\Policies\Explorer\Run: [t5F7z2C0Tv] C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm395XXAU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
O23 - Service: ServiceSB4 - Axaware - C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.perpetual.com.au/images/topimage.gif
O24 - Desktop Component 1: (no name) - https://my.bigpond.com/res/images/v7...bg_content.gif

--
End of file - 9929 bytes

[peku006]

Hello and Welcome to the forums!

My name is peku006and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply.
• If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

2 - download and run RSIT

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
description of any problems you are having with your PC

Thanks peku006

[peku006]

Hello!

Do you still need help

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!

[Willy_J]

peku006,
big thanks for sending through a reply - yes I still need the help but was away over the weekend.
I will look through your reply and get back to you asap.
All the best,
-Will.

[peku006]

Ok no problem. Just follow my instructions in my previous post.

[Willy_J]

Peku,
I've had mixed success.
I ran Malwarebte's Antimalware (call it MBAM for short?) program and it did pick up an infection on the full scan that it had not seen on a quick scan. Log is following.
I ran the RSIT program and saved both logs. However this was before I realised I needed to do a full scan for MBAM. Subsequently when I run RSIT I only get one log - that being log.txt (following) and no info.txt. Even after a reboot.
Go figure?
Let me know if you want to see the info.txt that was generated before the last full scan of MBAM.
Thanks in advance,
-Will.


Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 5.1.2600 Service Pack 3

15/09/2008 2:51:51 PM
mbam-log-2008-09-15 (14-51-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 89839
Time elapsed: 40 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\David Dumbrell\Local Settings\TempGenProc\pivcruru.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

----------------------

Logfile of random's system information tool 1.01 (written by random/random)
Run by David Dumbrell at 2008-09-16 10:05:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (49%) free of 39 GB
Total RAM: 223 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:20 AM, on 16/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\David Dumbrell\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\David Dumbrell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theage.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysHlpApl] C:\WINDOWS\system32\tedatkng.exe
O4 - HKCU\..\Run: [ChkSmart] C:\WINDOWS\system32\zunypsrw.exe
O4 - HKCU\..\Run: [dscwin] C:\WINDOWS\system32\rebczgfq.exe
O4 - HKLM\..\Policies\Explorer\Run: [t5F7z2C0Tv] C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm395XXAU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
O23 - Service: ServiceSB4 - Axaware - C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.perpetual.com.au/images/topimage.gif
O24 - Desktop Component 1: (no name) - https://my.bigpond.com/res/images/v7...bg_content.gif

--
End of file - 9903 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2008-09-07 651248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-04-26 102400]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2002-12-10 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-20 78008]
"SetDefPrt"=C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [2004-11-11 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-01-07 864256]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"t5F7z2C0Tv"=C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe [2008-08-30 65536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-22 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-05 1576176]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SysHlpApl"=C:\WINDOWS\system32\tedatkng.exe []
"ChkSmart"=C:\WINDOWS\system32\zunypsrw.exe []
"dscwin"=C:\WINDOWS\system32\rebczgfq.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Billminder.lnk - C:\Program Files\QUICKENW\billmind.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="sockspy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-27 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-04 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Launch.exe /run


File associations

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

List of files/folders created in the last three months

2008-09-15 13:00:51 ----D---- C:\rsit
2008-09-08 15:37:22 ----D---- C:\Program Files\Trend Micro
2008-09-07 11:42:41 ----SHD---- C:\RECYCLER
2008-09-07 11:02:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 20:08:11 ----A---- C:\ComboFix.txt
2008-09-06 17:14:32 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-05 20:11:17 ----A---- C:\WINDOWS\system32\locate.com
2008-09-05 20:10:04 ----D---- C:\MGtools
2008-09-05 19:59:54 ----A---- C:\Boot.bak
2008-09-05 19:59:48 ----D---- C:\cmdcons
2008-09-05 19:58:30 ----D---- C:\WINDOWS\erdnt
2008-09-05 19:57:27 ----D---- C:\QooBox
2008-09-05 19:57:24 ----A---- C:\WINDOWS\zip.exe
2008-09-05 19:57:24 ----A---- C:\WINDOWS\VFind.exe
2008-09-05 19:57:24 ----A---- C:\WINDOWS\swsc.exe
2008-09-05 19:57:24 ----A---- C:\WINDOWS\swreg.exe
2008-09-05 19:57:24 ----A---- C:\WINDOWS\sed.exe
2008-09-05 19:57:24 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-05 19:57:24 ----A---- C:\WINDOWS\grep.exe
2008-09-05 19:57:24 ----A---- C:\WINDOWS\fdsv.exe
2008-09-04 22:04:00 ----A---- C:\MGtools.exe
2008-09-04 21:23:32 ----D---- C:\WINDOWS\Sun
2008-09-04 21:23:31 ----D---- C:\Documents and Settings\David Dumbrell\Application Data\Sun
2008-09-04 21:16:53 ----D---- C:\Program Files\Three Rings Design
2008-09-04 21:16:01 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-04 21:16:01 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-04 21:16:01 ----A---- C:\WINDOWS\system32\java.exe
2008-09-04 21:12:03 ----D---- C:\Program Files\Java
2008-09-04 21:11:24 ----D---- C:\Program Files\Common Files\Java
2008-09-04 21:00:41 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-04 20:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-04 20:53:50 ----D---- C:\Program Files\CCleaner
2008-09-03 19:02:31 ----A---- C:\WINDOWS\system32\zwdidcjy.exe.dont trust
2008-09-02 19:18:37 ----A---- C:\WINDOWS\system32\bermvgrs.exe.dont trust
2008-08-30 14:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\jqnsvwxq
2008-08-30 14:49:22 ----D---- C:\Program Files\SAV
2008-08-28 14:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-27 15:45:49 ----D---- C:\WINDOWS\Prefetch
2008-08-27 14:53:51 ----D---- C:\WINDOWS\system32\scripting
2008-08-27 14:53:48 ----D---- C:\WINDOWS\l2schemas
2008-08-27 14:53:47 ----D---- C:\WINDOWS\system32\en
2008-08-26 16:20:57 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-26 16:20:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-26 16:20:51 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-26 16:20:51 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-26 16:20:39 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-26 16:20:39 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-26 16:20:09 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-26 16:20:00 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-26 16:19:56 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-26 16:19:53 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-26 16:19:48 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-26 16:19:48 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-26 16:19:48 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-26 16:19:42 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-26 16:19:34 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-26 16:19:00 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-26 16:19:00 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-26 16:19:00 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-26 16:18:58 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-26 16:18:58 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-26 16:18:54 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-26 16:18:54 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-26 16:18:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-26 16:18:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-26 16:18:36 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-26 16:18:36 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-26 16:18:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-26 16:18:19 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-26 16:18:17 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-26 16:18:17 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-26 16:18:17 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-26 16:18:16 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-26 16:17:46 ----A---- C:\WINDOWS\005642_.tmp
2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-26 16:17:30 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-26 16:17:30 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-26 16:17:29 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-26 16:17:21 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-26 16:17:09 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-26 16:17:09 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-26 16:16:50 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-26 15:39:57 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 17:05:56 ----D---- C:\WINDOWS\MSREMOTE.SFS
2008-08-15 03:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-15 03:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-15 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-15 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 03:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-15 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-07-09 08:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-04 12:03:14 ----D---- C:\Program Files\Common Files\supportsoft
2008-07-04 12:01:57 ----A---- C:\WINDOWS\system32\acXMLParser.dll
2008-07-04 12:01:52 ----A---- C:\WINDOWS\system32\cdintf300.dll
2008-07-04 11:54:57 ----D---- C:\Program Files\Common Files\Intuit
2008-07-04 11:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2008-07-04 11:52:35 ----D---- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-07-04 11:42:57 ----RSD---- C:\WINDOWS\assembly
2008-07-04 11:41:30 ----D---- C:\WINDOWS\Microsoft.NET
2008-07-04 11:23:45 ----D---- C:\Documents and Settings\David Dumbrell\Application Data\Download Manager
2008-07-04 11:23:39 ----D---- C:\Program Files\Akamai
2008-06-22 17:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-20 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-20 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2002-04-03 5760]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-01-18 35456]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-20 94416]
R2 SVKP;SVKP; \??\C:\WINDOWS\System32\SVKP.sys []
R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-01-18 838870]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2005-02-18 25088]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-06-12 654604]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-20 23152]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-10-07 9856]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-29 192640]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2005-02-18 183808]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5ln.sys [2002-05-03 36960]
S3 alcan5wn;Alcatel SpeedTouch(tm) USB ADSL PPPoA Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2000-12-14 42880]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-05-03 735568]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 brfilt;Brother MFC Filter Driver; C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 2944]
S3 brparimg;Brother Multi Function Parallel Image driver; C:\WINDOWS\System32\DRIVERS\BrParImg.sys [2001-08-17 3168]
S3 BrParWdm;Brother WDM Parallel Driver; C:\WINDOWS\System32\Drivers\BrParwdm.sys [2001-08-17 39552]
S3 BrSerWDM;Brother WDM Serial driver; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2004-11-23 61440]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2008-04-14 63744]
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver; C:\WINDOWS\System32\DRIVERS\ntspppoe.sys [2002-03-06 161640]
S3 RAWESR;RAWESR; \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 TAPBIND;TAPBIND; \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-20 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-20 147640]
R2 brmfbags;Brother BidiAgent Service for Resource manager; C:\WINDOWS\system32\BrmfBAgS.exe [2004-09-10 53248]
R2 ServiceSB4;ServiceSB4; C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe [2007-05-30 562584]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-20 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-24 348344]
S2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe []
S2 PPPoEService;PPPoE Service; C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe []
S2 Tmntsrv;Trend NT Realtime Service; C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe []
S2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe []
S2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-07 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-11-23 89792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------