
Thread: Can't remove Fraud.XPAntivirus

  1. #1 Junior Member (Join Date: Sep 2008, Posts: 9)

    Can't remove Fraud.XPAntivirus

    Here is the HJT log for a problem posted under Software/Spybot, "Spybot can't remove Fraud.XPAntivirus":

    http://forums.spybot.info/showthread.php?t=33891

    (Sorry - unsure how to create a link to the other post)

    Cheers,
    -Will.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:37:41 PM, on 8/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\zunypsrw.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theage.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SysHlpApl] C:\WINDOWS\system32\tedatkng.exe
    O4 - HKCU\..\Run: [ChkSmart] C:\WINDOWS\system32\zunypsrw.exe
    O4 - HKCU\..\Run: [dscwin] C:\WINDOWS\system32\rebczgfq.exe
    O4 - HKLM\..\Policies\Explorer\Run: [t5F7z2C0Tv] C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm395XXAU
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe (file missing)
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
    O23 - Service: ServiceSB4 - Axaware - C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe (file missing)
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.perpetual.com.au/images/topimage.gif
    O24 - Desktop Component 1: (no name) - https://my.bigpond.com/res/images/v7...bg_content.gif

    --
    End of file - 9929 bytes
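As a triage aid for reading a log like the one above, here is an added example (not part of this thread, and not code from HijackThis or RSIT): a small Python script that parses HJT-style lines and flags the entries a helper would check first: autoruns placed under Policies\Explorer\Run, Run entries executing straight out of system32, a Winsock LSP loaded from a temp directory, an orphaned service, a non-Microsoft IE SearchURL, and a populated AppInit_DLLs value. The sample lines are copied from the HJT log above and from the AppInit_DLLs line of the RSIT registry dump later in the thread; the rules, the severity labels and the `_SYSTEM32_OK` allowlist are assumptions made for this example, not anything the tools emit.

```python
"""Triage helper for HijackThis / RSIT log lines.

Heuristic only: it ranks entries for a human to inspect, it does not decide
what is malware. Rules, severities and the allowlist are assumptions made for
this example, not output of either tool.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: lines copied from the HJT log in this thread plus the
# AppInit_DLLs line from the RSIT registry dump, with clean lines (avast!,
# ctfmon) mixed in to show they are not flagged. The O10 line is duplicated
# exactly as in the real log to exercise de-duplication.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysHlpApl] C:\WINDOWS\system32\tedatkng.exe
O4 - HKCU\..\Run: [ChkSmart] C:\WINDOWS\system32\zunypsrw.exe
O4 - HKLM\..\Policies\Explorer\Run: [t5F7z2C0Tv] C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe (file missing)
"AppInit_DLLS"="sockspy.dll"
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "HIGH", "REVIEW" or "LOW"
    reason: str
    evidence: str   # path, value or line that triggered the rule


_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O10 = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
_O23_MISSING = re.compile(r"^O23 - Service: .*\(file missing\)\s*$")
_SEARCHURL = re.compile(r"^R[01] - .*,SearchURL = (?P<url>\S+)$")
_APPINIT = re.compile(r'^"AppInit_DLLs"="(?P<dlls>[^"]*)"$', re.IGNORECASE)

# Assumption: on XP the only Run entry that normally executes straight out of
# system32 is ctfmon.exe; anything else there deserves a second look.
_SYSTEM32_OK = {"ctfmon.exe"}


def _exe_path(cmd: str) -> str:
    """Strip quotes and arguments from an O4 command line, keeping the .exe path."""
    m = re.match(r'"?(?P<p>.+?\.exe)', cmd, re.IGNORECASE)
    return m.group("p") if m else cmd


def _check_o4(m: "re.Match") -> Optional[Finding]:
    path = _exe_path(m.group("cmd"))
    folder, _, exe = path.lower().rpartition("\\")
    if "policies\\explorer\\run" in m.group("key").lower():
        return Finding("HIGH", "autorun via Policies\\Explorer\\Run, a key legitimate installers almost never use", path)
    if folder.endswith("\\system32") and exe not in _SYSTEM32_OK:
        return Finding("REVIEW", "third-party autorun launched straight from system32", path)
    return None


def triage(log_text: str) -> List[Finding]:
    """Return de-duplicated findings in log order."""
    findings: List[Finding] = []
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        f: Optional[Finding] = None
        if (m := _O4.match(line)):
            f = _check_o4(m)
        elif (m := _O10.match(line)):
            p = m.group("path")
            in_temp = "\\temp\\" in p.lower() or "\\tmp\\" in p.lower()
            f = Finding("HIGH" if in_temp else "REVIEW",
                        "Winsock LSP DLL loaded from a temp directory" if in_temp
                        else "unrecognised Winsock LSP DLL", p)
        elif _O23_MISSING.match(line):
            f = Finding("LOW", "service whose binary is missing (orphaned entry, cleanup candidate)", line)
        elif (m := _SEARCHURL.match(line)):
            host = urlparse(m.group("url")).hostname or ""
            if not host.endswith("microsoft.com"):
                f = Finding("REVIEW", "IE SearchURL points at a third-party host", m.group("url"))
        elif (m := _APPINIT.match(line)):
            if m.group("dlls").strip():
                f = Finding("HIGH", "AppInit_DLLs is set; that DLL is loaded into every process linking user32",
                            m.group("dlls"))
        if f is not None and f not in seen:
            seen.add(f)
            findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity so the shape of the log is visible at a glance."""
    counts = {"HIGH": 0, "REVIEW": 0, "LOW": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}: {f.evidence}")
    print(summarize(results))
```

Running it against the sample lines yields three HIGH findings (the Policies\Explorer\Run autorun, the LSP in the user's temp folder, and the AppInit_DLLs value), three REVIEW items (the two unfamiliar system32 autoruns and the searching-4u.com SearchURL) and one LOW item (the orphaned Trend Micro service). Every hit is a prompt to check the file on disk and its signer, not a verdict; the randomly named executables in system32 are only "REVIEW" here because a name alone proves nothing.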

  2. #2 peku006, Emeritus - Security Expert (Join Date: Feb 2007, Location: Norway, Posts: 3,103)

    Hello and Welcome to the forums!

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Please continue to respond until I give you the "All Clear"


    If you follow these instructions, everything should go smoothly.

    1 - Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    2 - download and run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).


    3 - Status Check
    Please reply with

    1. the logs from RSIT (log.txt, info.txt)
    2. the Malwarebytes' Anti-Malware log
    3. a description of any problems you are having with your PC

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3 peku006, Emeritus - Security Expert

    Hello!

    Do you still need help

    It has been three days since my last post.

    Do you still need help with this?
    Do you need more time?
    Are you having problems following my instructions?

    Note: If after 48 hrs you have not replied to this thread then it will have to be CLOSED!

  4. #4 Junior Member (original poster)

    peku006,
    big thanks for sending through a reply - yes I still need the help but was away over the weekend.
    I will look through your reply and get back to you asap.
    All the best,
    -Will.

  5. #5 peku006, Emeritus - Security Expert

    Ok no problem. Just follow my instructions in my previous post.

  6. #6 Junior Member (original poster)

    Peku,
    I've had mixed success.
    I ran the Malwarebytes' Anti-Malware program (call it MBAM for short?) and it did pick up an infection on the full scan that it had not seen on a quick scan. Log follows.
    I ran the RSIT program and saved both logs. However, this was before I realised I needed to do a full scan for MBAM. Subsequently, when I run RSIT I only get one log, that being log.txt (following), and no info.txt, even after a reboot.
    Go figure?
    Let me know if you want to see the info.txt that was generated before the last full scan of MBAM.
    Thanks in advance,
    -Will.


    Malwarebytes' Anti-Malware 1.26
    Database version: 1116
    Windows 5.1.2600 Service Pack 3

    15/09/2008 2:51:51 PM
    mbam-log-2008-09-15 (14-51-51).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 89839
    Time elapsed: 40 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\David Dumbrell\Local Settings\TempGenProc\pivcruru.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    ----------------------

    Logfile of random's system information tool 1.01 (written by random/random)
    Run by David Dumbrell at 2008-09-16 10:05:56
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 19 GB (49%) free of 39 GB
    Total RAM: 223 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:06:20 AM, on 16/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Documents and Settings\David Dumbrell\Desktop\RSIT.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\David Dumbrell.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theage.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SysHlpApl] C:\WINDOWS\system32\tedatkng.exe
    O4 - HKCU\..\Run: [ChkSmart] C:\WINDOWS\system32\zunypsrw.exe
    O4 - HKCU\..\Run: [dscwin] C:\WINDOWS\system32\rebczgfq.exe
    O4 - HKLM\..\Policies\Explorer\Run: [t5F7z2C0Tv] C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm395XXAU
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\docume~1\davidd~1\locals~1\temp\ntdll64.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe (file missing)
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
    O23 - Service: ServiceSB4 - Axaware - C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe (file missing)
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.perpetual.com.au/images/topimage.gif
    O24 - Desktop Component 1: (no name) - https://my.bigpond.com/res/images/v7...bg_content.gif

    --
    End of file - 9903 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2008-09-07 651248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-04-26 102400]
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
    "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
    "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2002-12-10 77824]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-20 78008]
    "SetDefPrt"=C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [2004-11-11 49152]
    "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-01-07 864256]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "t5F7z2C0Tv"=C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe [2008-08-30 65536]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-22 68856]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-05 1576176]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "SysHlpApl"=C:\WINDOWS\system32\tedatkng.exe []
    "ChkSmart"=C:\WINDOWS\system32\zunypsrw.exe []
    "dscwin"=C:\WINDOWS\system32\rebczgfq.exe []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Billminder.lnk - C:\Program Files\QUICKENW\billmind.exe
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="sockspy.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-27 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-04 77824]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\Launch.exe /run


    File associations

    .ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*
    .txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

    List of files/folders created in the last three months

    2008-09-15 13:00:51 ----D---- C:\rsit
    2008-09-08 15:37:22 ----D---- C:\Program Files\Trend Micro
    2008-09-07 11:42:41 ----SHD---- C:\RECYCLER
    2008-09-07 11:02:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-06 20:08:11 ----A---- C:\ComboFix.txt
    2008-09-06 17:14:32 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-09-05 20:11:17 ----A---- C:\WINDOWS\system32\locate.com
    2008-09-05 20:10:04 ----D---- C:\MGtools
    2008-09-05 19:59:54 ----A---- C:\Boot.bak
    2008-09-05 19:59:48 ----D---- C:\cmdcons
    2008-09-05 19:58:30 ----D---- C:\WINDOWS\erdnt
    2008-09-05 19:57:27 ----D---- C:\QooBox
    2008-09-05 19:57:24 ----A---- C:\WINDOWS\zip.exe
    2008-09-05 19:57:24 ----A---- C:\WINDOWS\VFind.exe
    2008-09-05 19:57:24 ----A---- C:\WINDOWS\swsc.exe
    2008-09-05 19:57:24 ----A---- C:\WINDOWS\swreg.exe
    2008-09-05 19:57:24 ----A---- C:\WINDOWS\sed.exe
    2008-09-05 19:57:24 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-05 19:57:24 ----A---- C:\WINDOWS\grep.exe
    2008-09-05 19:57:24 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-04 22:04:00 ----A---- C:\MGtools.exe
    2008-09-04 21:23:32 ----D---- C:\WINDOWS\Sun
    2008-09-04 21:23:31 ----D---- C:\Documents and Settings\David Dumbrell\Application Data\Sun
    2008-09-04 21:16:53 ----D---- C:\Program Files\Three Rings Design
    2008-09-04 21:16:01 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-09-04 21:16:01 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-09-04 21:16:01 ----A---- C:\WINDOWS\system32\java.exe
    2008-09-04 21:12:03 ----D---- C:\Program Files\Java
    2008-09-04 21:11:24 ----D---- C:\Program Files\Common Files\Java
    2008-09-04 21:00:41 ----D---- C:\WINDOWS\BDOSCAN8
    2008-09-04 20:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-04 20:53:50 ----D---- C:\Program Files\CCleaner
    2008-09-03 19:02:31 ----A---- C:\WINDOWS\system32\zwdidcjy.exe.dont trust
    2008-09-02 19:18:37 ----A---- C:\WINDOWS\system32\bermvgrs.exe.dont trust
    2008-08-30 14:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\jqnsvwxq
    2008-08-30 14:49:22 ----D---- C:\Program Files\SAV
    2008-08-28 14:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-08-27 15:45:49 ----D---- C:\WINDOWS\Prefetch
    2008-08-27 14:53:51 ----D---- C:\WINDOWS\system32\scripting
    2008-08-27 14:53:48 ----D---- C:\WINDOWS\l2schemas
    2008-08-27 14:53:47 ----D---- C:\WINDOWS\system32\en
    2008-08-26 16:20:57 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-08-26 16:20:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-08-26 16:20:51 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-08-26 16:20:51 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-26 16:20:39 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-08-26 16:20:39 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-08-26 16:20:09 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-08-26 16:20:00 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-08-26 16:19:56 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-08-26 16:19:53 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-08-26 16:19:48 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-08-26 16:19:48 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-08-26 16:19:48 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-08-26 16:19:42 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-08-26 16:19:34 ----N---- C:\WINDOWS\system32\onex.dll
    2008-08-26 16:19:00 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-08-26 16:19:00 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-08-26 16:19:00 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-08-26 16:18:58 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-08-26 16:18:58 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-08-26 16:18:54 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-08-26 16:18:54 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-08-26 16:18:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-08-26 16:18:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-08-26 16:18:36 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-08-26 16:18:36 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-08-26 16:18:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-26 16:18:19 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-08-26 16:18:17 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-08-26 16:18:17 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-26 16:18:17 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-26 16:18:16 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-26 16:17:46 ----A---- C:\WINDOWS\005642_.tmp
    2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-08-26 16:17:42 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-08-26 16:17:35 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-08-26 16:17:30 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-08-26 16:17:30 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-08-26 16:17:29 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-08-26 16:17:21 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-08-26 16:17:09 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-26 16:17:09 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-08-26 16:16:50 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-08-26 15:39:57 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-08-24 17:05:56 ----D---- C:\WINDOWS\MSREMOTE.SFS
    2008-08-15 03:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 03:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 03:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-07-09 08:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-07-04 12:03:14 ----D---- C:\Program Files\Common Files\supportsoft
    2008-07-04 12:01:57 ----A---- C:\WINDOWS\system32\acXMLParser.dll
    2008-07-04 12:01:52 ----A---- C:\WINDOWS\system32\cdintf300.dll
    2008-07-04 11:54:57 ----D---- C:\Program Files\Common Files\Intuit
    2008-07-04 11:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
    2008-07-04 11:52:35 ----D---- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    2008-07-04 11:42:57 ----RSD---- C:\WINDOWS\assembly
    2008-07-04 11:41:30 ----D---- C:\WINDOWS\Microsoft.NET
    2008-07-04 11:23:45 ----D---- C:\Documents and Settings\David Dumbrell\Application Data\Download Manager
    2008-07-04 11:23:39 ----D---- C:\Program Files\Akamai
    2008-06-22 17:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

    List of drivers

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-20 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-20 42912]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2002-04-03 5760]
    R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2005-01-18 35456]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-20 94416]
    R2 SVKP;SVKP; \??\C:\WINDOWS\System32\SVKP.sys []
    R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2005-01-18 838870]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2005-02-18 25088]
    R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-06-12 654604]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-20 23152]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-10-07 9856]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-29 192640]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
    S2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2005-02-18 183808]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5ln.sys [2002-05-03 36960]
    S3 alcan5wn;Alcatel SpeedTouch(tm) USB ADSL PPPoA Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2000-12-14 42880]
    S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-05-03 735568]
    S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
    S3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
    S3 brfilt;Brother MFC Filter Driver; C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 2944]
    S3 brparimg;Brother Multi Function Parallel Image driver; C:\WINDOWS\System32\DRIVERS\BrParImg.sys [2001-08-17 3168]
    S3 BrParWdm;Brother WDM Parallel Driver; C:\WINDOWS\System32\Drivers\BrParwdm.sys [2001-08-17 39552]
    S3 BrSerWDM;Brother WDM Serial driver; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2004-11-23 61440]
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2008-04-14 63744]
    S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver; C:\WINDOWS\System32\DRIVERS\ntspppoe.sys [2002-03-06 161640]
    S3 RAWESR;RAWESR; \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS []
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 TAPBIND;TAPBIND; \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    List of services

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-20 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-20 147640]
    R2 brmfbags;Brother BidiAgent Service for Resource manager; C:\WINDOWS\system32\BrmfBAgS.exe [2004-09-10 53248]
    R2 ServiceSB4;ServiceSB4; C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe [2007-05-30 562584]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-20 250040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-24 348344]
    S2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe []
    S2 PPPoEService;PPPoE Service; C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe []
    S2 Tmntsrv;Trend NT Realtime Service; C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe []
    S2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe []
    S2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-07 137200]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-11-23 89792]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------

  7. #7
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi Willy_J,
    Don't worry, you've done a good job so far.
    Please send the log from the ComboFix scan located at C:\ComboFix.txt

    A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


    1 - Download and Run LSPFix

    1. Please download LSPFix from here.
    2. Run the LSPFix.exe that you have just finished downloading.
    3. Check the "I know what I'm doing" box.
    4. In the Keep box you should see one or more instances of ntdll64.dll.
    5. Select every instance of ntdll64.dll and move each one to the Remove box by clicking the ">>" button.
    6. When you are done click "Finish>>".


    2 - Remove bad HijackThis entries
    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      • O4 - HKCU\..\Run: [SysHlpApl] C:\WINDOWS\system32\tedatkng.exe
        O4 - HKCU\..\Run: [ChkSmart] C:\WINDOWS\system32\zunypsrw.exe
        O4 - HKCU\..\Run: [dscwin] C:\WINDOWS\system32\rebczgfq.exe
        O4 - HKLM\..\Policies\Explorer\Run: [t5F7z2C0Tv] C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe
        O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm395XXAU

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    Reboot your computer to complete the process.

    3 - OTMoveIt2
    Please download OTMoveIt2.exe by OldTimer and save it to your desktop.
    • Double click on OTMoveIt2.exe to run it.
    • Click the Run...button at the security warning prompt, if given.
    • Copy / paste all the entries in the Code box below, to the OTMoveIt..."Paste List of Files/Folders to Move" window.
      Note: Use the Copy/Paste function...do not manually type the entries...to avoid any typos.
      Code:
      kill explorer
      C:\Documents and Settings\All Users\Application Data\jqnsvwxq
      C:\WINDOWS\system32\tedatkng.exe
      C:\WINDOWS\system32\zunypsrw.exe
      C:\WINDOWS\system32\rebczgfq.exe
      C:\WINDOWS\ntbtlog.txt
      C:\WINDOWS\system32\locate.com
      C:\WINDOWS\system32\zwdidcjy.exe
      C:\WINDOWS\system32\bermvgrs.exe
      C:\WINDOWS\005642_.tmp
      start explorer
    • Click on the MoveIt!...button.
      The Results window (under the green bar) will contain the results of the operation.
    • Click the Exit...button, when done.


    Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Please choose Yes.
    The "results" log will be automatically saved to... C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
    where mmddyyyy_hhmmss = date and time, when the log was created.

    Please copy/paste this log file contents into your next reply.

    4 - Download and Run DAFT

    Download DAFT by Deckard to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
    • Right-click daft.exe and select Run as administrator to start the program then press OK when the disclaimer appears.
    • Press the Scan button, place a checkmark in any boxes that appear, then press Fix
    • Press scan again, you should receive the notice "All associations okay!" - if so, press OK and close the program
    • If you do not receive the notice, press Save Log and save the report as daft.txt to your Desktop and post a copy with your next response.


    5 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

    6 - Status Check
    Please reply with

    1. the C:\ComboFix.txt
    2. the OTMoveIt2 log
    3. the daft.txt
    4. a fresh HijackThis log
    5. a description of any problems you are having with your PC

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
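The Run-key values peku006 picks out for HijackThis share two visible traits in the RSIT and ComboFix logs above: an empty `[]` file-details block and an executable name of eight random lowercase letters, with one of them loading from the unusual Policies\Explorer\Run key. As an added example, not code from this thread or from any of the tools it names, here is a small Python parser that applies those heuristics to Run-key lines copied from the logs; the `RANDOM_NAME` pattern, the `KNOWN_OK` allowlist and the `Finding` layout are my assumptions, not RSIT or ComboFix behaviour.

```python
import re
from dataclasses import dataclass

# One Run-key value as RSIT and ComboFix print it (both forms appear in the logs):
#   "name"=C:\path\file.exe [2008-04-14 15360]     (RSIT, unquoted path)
#   "name"="C:\path\file.exe" [2008-09-06 90112]   (ComboFix, quoted path)
#   "name"=C:\path\file.exe []                     (file details unreadable)
VALUE_RE = re.compile(
    r'^\s*"(?P<name>[^"]+)"="?(?P<path>[^"\[\]]+?)"?\s*\[(?P<info>[^\]]*)\]\s*$'
)
KEY_RE = re.compile(r'^\s*\[(?P<key>[^\]]+)\]\s*$')

# Heuristic (my assumption, drawn from this thread): every dropper here was named
# with exactly 8 random lowercase letters (tedatkng, zunypsrw, rebczgfq, dyjkjmhk).
RANDOM_NAME = re.compile(r'^[a-z]{8}$')
# Legitimate Windows binaries that happen to fit that pattern (assumed allowlist).
KNOWN_OK = {"explorer", "userinit", "winlogon", "services"}


@dataclass
class Finding:
    key: str        # registry key the value lives under
    name: str       # value name, e.g. "SysHlpApl"
    path: str       # executable path the value points at
    reasons: list   # why it was flagged


def analyse(log_text: str) -> list:
    """Walk RSIT/ComboFix 'Reg Loading Points' text and flag suspicious Run values."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue                      # not a Run value line (service, firewall, ...)
        path = m.group("path").strip()
        info = m.group("info").strip()
        parts = path.split("\\")
        stem = parts[-1].rsplit(".", 1)[0].lower()
        parent = parts[-2].lower() if len(parts) > 1 else ""

        reasons = []
        if not info:
            reasons.append("empty [] block: file details could not be read at scan time")
        if RANDOM_NAME.match(stem) and stem not in KNOWN_OK:
            reasons.append("executable name is 8 random lowercase letters")
        if RANDOM_NAME.match(parent):
            reasons.append("parent folder has the same random-name pattern")
        if "policies\\explorer\\run" in current_key.lower():
            reasons.append("loads from the Policies\\Explorer\\Run key")
        if reasons:
            findings.append(Finding(current_key, m.group("name"), path, reasons))
    return findings


# Constructed sample: Run-key lines copied from the RSIT and ComboFix logs in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SysHlpApl"=C:\WINDOWS\system32\tedatkng.exe []
"ChkSmart"=C:\WINDOWS\system32\zunypsrw.exe []
"dscwin"=C:\WINDOWS\system32\rebczgfq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"t5F7z2C0Tv"="C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe" [2008-08-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-20 78008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
'''

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.key}]\n  {f.name} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it reports exactly the four values peku006 listed and nothing for ctfmon, avast! or the Java updater; the allowlist is the place to tune when a legitimate 8-letter binary such as explorer.exe shows up.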

  8. #8
    Junior Member
    Join Date
    Sep 2008
    Posts
    9


    Peku006,
    I have to say that, judging by the tools we are using, this is one ugly thing that got onto the computer.

    I have completed the tasks you have given me.

    There was 1 example of the ntdll64.dll that was removed by lspfix.

    HJT successfully removed the items you listed, and I rebooted afterwards.

    OtMoveIt2 had a few errors come up - I assume nothing major - the log file is below anyway. It did not ask for a reboot.

    Daft found four items to fix, and on the second scan all was ok. Following your instructions therefore I have not saved a log.

    In relation to the combofix log, it is old. I ran it when looking through other help pages on a general fix-it web site and then got firmly smacked around the back of the head from another forum! I have not received any instructions to run it in this thread.

    Anyway - thanks for your help - the logs are below. I will wait to hear from you again before I connect back up to the internet.

    Cheers,
    -Will.


    ComboFix 08-09-04.08 - David Dumbrell 2008-09-06 20:00:51.3 - NTFSx86
    Running from: C:\Documents and Settings\David Dumbrell\Desktop\ComboFix.exe
    .
    The following files were disabled during the run:
    C:\Program Files\Axaware\SpamBully 4 for Outlook Express\hookoecreation.dll


    ((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
    .

    2008-09-06 19:57 . 2008-09-06 19:57 90,112 --a------ C:\WINDOWS\system32\nihwfity.exe
    2008-09-06 19:23 . 2008-09-06 19:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-09-06 19:15 . 2008-09-06 19:15 90,112 --a------ C:\WINDOWS\system32\ylahgzqp.exe
    2008-09-05 20:11 . 2005-01-14 12:41 11,254 --a------ C:\WINDOWS\system32\locate.com
    2008-09-05 20:10 . 2008-09-05 20:12 <DIR> d-------- C:\MGtools
    2008-09-05 20:10 . 2008-09-05 20:12 45,724 --a------ C:\MGlogs.zip
    2008-09-04 22:04 . 2008-09-04 22:04 1,266,683 --a------ C:\MGtools.exe
    2008-09-04 21:26 . 2008-09-04 21:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-09-04 21:24 . 2008-09-04 21:27 <DIR> d-------- C:\Documents and Settings\David Dumbrell\.housecall6.6
    2008-09-04 21:23 . 2008-09-04 21:23 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-04 21:16 . 2008-09-04 21:16 <DIR> d-------- C:\Program Files\Three Rings Design
    2008-09-04 21:16 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-04 21:12 . 2008-09-04 21:15 <DIR> d-------- C:\Program Files\Java
    2008-09-04 21:11 . 2008-09-04 21:11 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-09-04 21:00 . 2008-09-04 21:08 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2008-09-04 20:59 . 2008-09-04 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-04 20:53 . 2008-09-04 20:55 <DIR> d-------- C:\Program Files\CCleaner
    2008-09-03 19:02 . 2008-09-03 19:02 86,016 --a------ C:\WINDOWS\system32\zwdidcjy.exe.dont trust
    2008-09-02 19:18 . 2008-09-02 19:18 86,016 --a------ C:\WINDOWS\system32\bermvgrs.exe.dont trust
    2008-09-01 21:28 . 2008-09-01 21:28 <DIR> d-------- C:\Documents and Settings\Noelene\Application Data\SUPERAntiSpyware.com
    2008-09-01 21:21 . 2008-09-01 21:21 <DIR> d-------- C:\Documents and Settings\Noelene\Application Data\Malwarebytes
    2008-08-30 16:41 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-30 14:50 . 2008-08-30 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jqnsvwxq
    2008-08-30 14:49 . 2008-08-30 19:40 <DIR> d-------- C:\Program Files\SAV
    2008-08-27 18:51 . 2008-06-13 21:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-08-27 18:49 . 2008-04-12 05:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-27 18:49 . 2008-05-09 00:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-08-27 14:53 . 2008-08-27 14:53 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-08-27 14:53 . 2008-08-27 14:53 <DIR> d-------- C:\WINDOWS\system32\en
    2008-08-27 14:53 . 2008-08-27 14:53 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-08-26 16:20 . 2008-04-14 10:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-26 16:20 . 2008-04-14 10:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
    2008-08-26 16:20 . 2008-04-14 10:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
    2008-08-26 16:20 . 2008-04-14 10:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
    2008-08-26 16:20 . 2008-04-14 10:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-08-26 16:20 . 2008-04-14 10:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
    2008-08-26 16:20 . 2008-04-14 10:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
    2008-08-26 16:20 . 2008-04-14 10:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
    2008-08-26 16:20 . 2008-04-14 04:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
    2008-08-26 16:19 . 2008-04-14 10:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
    2008-08-26 16:19 . 2008-04-14 10:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
    2008-08-26 16:19 . 2008-04-14 10:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
    2008-08-26 16:19 . 2008-04-14 10:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
    2008-08-26 16:19 . 2008-04-14 10:12 150,528 --------- C:\WINDOWS\system32\qagent.dll
    2008-08-26 16:19 . 2008-04-14 10:12 144,384 --------- C:\WINDOWS\system32\onex.dll
    2008-08-26 16:19 . 2008-04-14 10:12 76,800 --------- C:\WINDOWS\system32\qutil.dll
    2008-08-26 16:19 . 2008-04-14 10:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
    2008-08-26 16:19 . 2008-04-14 10:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
    2008-08-26 16:19 . 2008-04-14 10:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
    2008-08-26 16:17 . 2008-04-14 10:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-08-26 16:16 . 2008-04-14 10:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
    2008-08-26 15:39 . 2008-08-27 15:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-24 18:09 . 2008-08-24 18:09 35,262 --a------ C:\WINDOWS\Noelene.acl
    2008-08-24 17:46 . 2008-08-24 17:46 <DIR> d-------- C:\New Folder
    2008-08-24 17:23 . 2008-08-24 17:23 12,843 --a------ C:\ddaddress book.csv
    2008-08-24 17:05 . 2008-08-24 17:05 <DIR> d-------- C:\WINDOWS\MSREMOTE.SFS
    2008-08-22 10:27 . 2008-08-22 10:27 <DIR> dr------- C:\Documents and Settings\Noelene\Application Data\Brother
    2008-08-21 18:48 . 2008-09-02 19:08 <DIR> d-------- C:\Documents and Settings\Noelene
    2008-08-14 05:45 . 2008-05-02 00:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-05 09:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-05 05:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-05 05:48 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-09-04 10:55 --------- d-----w C:\Program Files\Yahoo!
    2008-09-01 14:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-30 07:26 --------- d-----w C:\Documents and Settings\David Dumbrell\Application Data\MSN6
    2001-02-05 05:00 30,848 ----a-w C:\Documents and Settings\David Dumbrell\cnmss3d.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-05_20.06.05.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-06 09:55:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_47c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "AplAct"="C:\WINDOWS\system32\ylahgzqp.exe" [2008-09-06 90112]
    "shwinact"="C:\WINDOWS\system32\nihwfity.exe" [2008-09-06 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 102400]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2002-12-10 77824]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-20 78008]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "t5F7z2C0Tv"="C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe" [2008-08-30 65536]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-07-27 113664]
    Billminder.lnk - C:\Program Files\QUICKENW\billmind.exe [2005-08-05 25600]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-27 106560]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-04 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-08-27 09:35 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "mnthlpdb"=C:\WINDOWS\system32\vyrihovk.exe
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
    "setchk"=C:\WINDOWS\system32\xejkxuxm.exe
    "DscWin"=C:\WINDOWS\system32\ibszgdqd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "SoundMan"=SOUNDMAN.EXE
    "NeroCheck"=C:\WINDOWS\System32\NeroCheck.exe
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k
    "lphc980j0en73"=C:\WINDOWS\system32\lphc980j0en73.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1129:UDP"= 1129:UDP:Windows Media Format SDK (iexplore.exe)
    "1128:UDP"= 1128:UDP:Windows Media Format SDK (iexplore.exe)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
    R2 ServiceSB4;ServiceSB4;C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe [2007-05-30 562584]
    R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2004-04-18 2368]
    R3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 2944]
    R3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 3168]
    R3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 39552]
    R3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 61440]
    S2 PPPoEService;PPPoE Service;C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe [ ]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-05-03 36960]
    S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;C:\WINDOWS\system32\DRIVERS\ntspppoe.sys [2002-03-06 161640]
    S3 RAWESR;RAWESR;C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [ ]
    S3 TAPBIND;TAPBIND;C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS [ ]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\David Dumbrell\Application Data\Mozilla\Firefox\Profiles\55ndyv1s.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.theage.com.au/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 20:04:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Program Files\Axaware\SpamBully 4 for Outlook Express\hookoecreation.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Axaware\SpamBully 4 for Outlook Express\hookoecreation.dll

    PROCESS: C:\WINDOWS\system32\csrss.exe
    -> C:\Program Files\Axaware\SpamBully 4 for Outlook Express\hookoecreation.dll
    .
    Completion time: 2008-09-06 20:08:08
    ComboFix-quarantined-files.txt 2008-09-06 10:07:57
    ComboFix2.txt 2008-09-06 04:01:26
    ComboFix3.txt 2008-09-05 10:06:49

    Pre-Run: 21,605,363,712 bytes free
    Post-Run: 21,596,024,832 bytes free

    193 --- E O F --- 2008-08-28 04:15:25

    ----------------

    File/Folder kill explorer not found.
    C:\Documents and Settings\All Users\Application Data\jqnsvwxq moved successfully.
    File/Folder C:\WINDOWS\system32\tedatkng.exe not found.
    File/Folder C:\WINDOWS\system32\zunypsrw.exe not found.
    File/Folder C:\WINDOWS\system32\rebczgfq.exe not found.
    C:\WINDOWS\ntbtlog.txt moved successfully.
    C:\WINDOWS\system32\locate.com moved successfully.
    File/Folder C:\WINDOWS\system32\zwdidcjy.exe not found.
    File/Folder C:\WINDOWS\system32\bermvgrs.exe not found.
    C:\WINDOWS\005642_.tmp moved successfully.
    File/Folder start explorer not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09162008_172815

    -------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:32:41 PM, on 16/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theage.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe (file missing)
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
    O23 - Service: ServiceSB4 - Axaware - C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe (file missing)
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.perpetual.com.au/images/topimage.gif
    O24 - Desktop Component 1: (no name) - https://my.bigpond.com/res/images/v7...bg_content.gif

    --
    End of file - 9185 bytes
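The ComboFix and HijackThis output above carries the indicators a helper reads by eye: an autostart under the policies\Explorer\Run key, executables with generated eight-letter names under system32 and All Users\Application Data, Security Center monitoring switched off, and O23 services whose binaries are missing. The Python script below is an added example, not part of this thread and not code from HijackThis, ComboFix or OTMoveIt; it runs those checks over a constructed sample built from lines copied out of the logs above. The random-name heuristic (eight lowercase letters with at most two vowels) and the SearchURL host check are assumptions of this example, not rules from any of the tools.

```python
import re
from collections import namedtuple

# Added example: a triage pass over HijackThis / ComboFix style log lines.
# Sample constructed from paths that appear in the thread's logs; every
# heuristic below is an assumption of this example, stated in its comment.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"t5F7z2C0Tv"="C:\Documents and Settings\All Users\Application Data\jqnsvwxq\dyjkjmhk.exe" [2008-08-30 65536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"mnthlpdb"=C:\WINDOWS\system32\vyrihovk.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe (file missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searching-4u.com/search_page.php
""".strip()

Finding = namedtuple("Finding", "line reason text")

POLICY_RUN = re.compile(r"policies\\explorer\\run", re.I)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|com))"?', re.I)
HJT_O4 = re.compile(r"^O4 - .*?: \[[^\]]*\] (?P<rest>.*)$")
HJT_SEARCHURL = re.compile(r"^R[01] - .*,SearchURL\s*=\s*(?P<url>\S+)", re.I)
URL_HOST = re.compile(r"^https?://([^/\s]+)", re.I)
RANDOM_NAME = re.compile(r"^[a-z]{8}$")
VOWELS = set("aeiou")


def looks_random(component: str) -> bool:
    """Heuristic (assumption): eight lowercase letters with at most two vowels,
    the shape of the generated names in this thread (jqnsvwxq, dyjkjmhk,
    vyrihovk). Legitimate names such as 'services' or 'winlogon' have three."""
    return bool(RANDOM_NAME.match(component)) and sum(c in VOWELS for c in component) <= 2


def random_components(path: str) -> list:
    """Directory names and the file stem of `path` that look generated."""
    parts = path.split("\\")
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", parts[-1])
    return [p for p in parts[:-1] + [stem] if looks_random(p)]


def check_path(no: int, line: str, rest: str, findings: list) -> None:
    """Path check shared by registry value lines and HijackThis O4 lines."""
    m = PATH_RE.match(rest)
    if not m:
        return
    odd = random_components(m.group("path"))
    if odd:
        findings.append(Finding(no, "random-looking name(s) in path: " + ", ".join(odd), line))


def triage(log_text: str) -> list:
    """Return a list of Finding(line, reason, text) for the suspicious lines."""
    findings = []
    current_key = ""
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # ComboFix-style registry dump: "[key]" header, then "name"=data lines.
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            dw = re.match(r"dword:([0-9a-f]+)$", rest, re.I)
            if name.lower() == "disablemonitoring" and dw and int(dw.group(1), 16) != 0:
                findings.append(Finding(no, "Security Center monitoring disabled under " + current_key, line))
                continue
            if POLICY_RUN.search(current_key):
                findings.append(Finding(no, "autostart via policies\\Explorer\\Run (seldom used by legitimate software)", line))
            check_path(no, line, rest, findings)
            continue
        # HijackThis lines: O4 autostarts, O23 services, R0/R1 IE settings.
        m = HJT_O4.match(line)
        if m:
            check_path(no, line, m.group("rest"), findings)
            continue
        if line.startswith("O23 - Service:") and "(file missing)" in line:
            findings.append(Finding(no, "service entry points to a missing file (orphaned registration)", line))
            continue
        m = HJT_SEARCHURL.match(line)
        if m:
            host = URL_HOST.match(m.group("url"))
            if host and not host.group(1).lower().endswith("microsoft.com"):
                findings.append(Finding(no, "IE SearchURL overridden to a non-Microsoft host: " + host.group(1), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line}: {f.reason}\n    {f.text}")
```

Running it on the constructed sample flags six lines: two findings on the policies\Explorer\Run entry (the key itself and the two generated names in its path), the vyrihovk.exe entry, the DisableMonitoring value, the orphaned tmproxy service and the overridden SearchURL, while the ctfmon and QuickTime entries pass. The same pass over a full log is only a first filter; a name that looks random still has to be checked by hand before it is removed.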

  9. #9
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi Willy_J
    You’ve done a good job so far; it looks much better. Has the problem gone away?

    1 - Clean temp files

    • Download and Run ATF Cleaner
      Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

      Under Main choose:
      • Windows Temp
        Current User Temp
        All Users Temp
        Temporary Internet Files
        Prefetch
        Java Cache

        *The other boxes are optional*
        Then click the Empty Selected button.

      if you use Firefox:
      • Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      if you use Opera:
      • Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


      Click Exit on the Main menu to close the program


    2 - Kaspersky Online Scan

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.


    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.

    4 - Status Check
    Please reply with


    1. the Kaspersky online scanner report
    2. a fresh HijackThis log

    Thanks peku006
    I don't help with logs through PM. If you have problems, create a thread in the forum, please.

  10. #10
    Junior Member
    Join Date
    Sep 2008
    Posts
    9

    Default

    Peku006,
    it will take me a couple of days to get back to you on this.
    I've had the PC in at work but will take it home to re-connect to the internet. (Boss is a little concerned about having a sick computer on the office network.)
    Will post before the end of the week.
    Cheers,
    -Will.
