
Hello,

My avast detected loads of trojans - about 30. I ran SUPERAntiSpyware and found Trojan.smitfraudvariant-Gen/bensorty and Trojan.csrssc/systemc-b.

SAS seems to have got rid of those. I then ran Malwarebytes Anti-Malware and got rid of a load of trojans. I can't, however, get rid of something called Trojan.bho - Malwarebytes says it will get rid of it on reboot but doesn't seem to. (I looked this trojan up and it hijacks your internet browser - IE keeps opening by itself.)

Malwarebytes log:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/16/2008 19:15:01
mbam-log-2008-12-16 (19-15-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102038
Time elapsed: 1 hour(s), 53 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I have a HijackThis log too:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:49, on 12/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\TEMP\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2330732082-328408858-4259249450-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eparshotam.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compo...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1229385253289
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1229385240480
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://eparshotam.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe (file missing)

--
End of file - 6290 bytes

So, I'm guessing/hoping that I just need to work out how to get rid of Trojan.bho and that it won't be too hard to delete.

Any help would be very much appreciated, thanks.
Ed


Hi and welcome to the Daniweb forums :).

==========

Update MBAM and run it again please.

Reboot when done and post a new MBAM log and a fresh hijackthis log.


HijackThis should solve your problem... you may also want to try Spybot, which you can get for free from download.com. Spybot has a built-in feature for IE and many of its problems. The last and final thing you should do: DITCH IE!!! Go with Firefox, Safari, or Netscape, Firefox being your best choice. It will eliminate soooo many problems.


Hi, I don't really use IE so I might as well uninstall it, I guess. I did the Malwarebytes update and it also found Trojan.Agent, which it managed to quarantine and delete.

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 2

12/18/2008 01:21:54
mbam-log-2008-12-18 (01-21-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 103014
Time elapsed: 1 hour(s), 38 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A846CC6E-CB83-4655-96CB-08D71FE276CA}\RP8\A0004276.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48:40, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\TEMP\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2330732082-328408858-4259249450-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eparshotam.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229385253289
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229385240480
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://eparshotam.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe (file missing)

--
End of file - 6147 bytes

When I reboot, Malwarebytes thinks it's being used for the first time and therefore doesn't deal with Trojan.bho.

Thanks so much, really appreciate the help.
Ed


Alright, sounds like Malwarebytes has fixed the problem. There are still a few things that need to be done.

==============
First

Please go to www.java.com and update your Java, as it is way out of date.

==============

Second

Can you please open HJT and run a scan only!
Find the O4 - Global Startup: VersionTrackerPro.lnk = ? entry and mark it.
Then click Fix it.
Once you have done that, rescan, save the log and post it in a reply.

===========

Post back with the new HJT log, just so we can make sure everything has been taken care of.

Thanks,

Cohen


When I reboot, Malwarebytes thinks it's being used for the first time and therefore doesn't deal with Trojan.bho.

Thanks so much, really appreciate the help.
Ed

No worries. When I get home from work I will let you know what to remove with HijackThis. There is still a nasty on board.

Remember to go to add/remove programs and remove all things Java before installing the latest version, otherwise you end up with a lot of separate installs taking up your HD.


Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\TEMP\LOCALS~1\Temp\winlogin.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\DOCUME~1\TEMP\LOCALS~1\Temp\winlogin.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
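A small triage script for the kind of HijackThis entries the helpers single out in this thread: the Run value with a random name that launches winlogin.exe from a Temp folder, the Global Startup shortcut whose target is "?", and the service whose binary is "(file missing)". This is an added example written for this page, not a tool from the thread or from HijackThis; the sample lines are copied from the logs posted above, and the heuristics (Temp path, lookalike filename via edit distance, vowel-ratio check on the value name) are my own assumptions about what a helper would want flagged.

```python
"""Flag suspicious O4/O23 lines in a HijackThis log (added example, heuristics are assumptions)."""
import re

# Legitimate Windows process names that malware commonly imitates or borrows.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "services.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\")

O4_RUN = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<lnk>.+?) = (?P<target>.*)$")
O23_SERVICE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample: lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\TEMP\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: VersionTrackerPro.lnk = ?
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def levenshtein(a, b):
    """Edit distance; used to spot lookalike filenames such as winlogin.exe vs winlogon.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd):
    """Return the executable part of a Run value, dropping quotes and arguments."""
    cmd = cmd.strip().lstrip('"')
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def looks_random(name):
    """Crude check for auto-generated value names like xsjfn83jkemfofght (assumed thresholds)."""
    letters = [c for c in name if c.isalpha()]
    if len(name) < 12 or not letters:
        return False
    vowels = sum(c.lower() in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.25


def check_run_entry(name, cmd):
    """Reasons an O4 Run entry deserves a closer look; empty list means nothing odd."""
    reasons = []
    path = exe_path(cmd).lower()
    base = path.rsplit("\\", 1)[-1]
    if "\\temp\\" in path:
        reasons.append("runs from a Temp directory")
    if base in SYSTEM_NAMES and not any(d in path for d in SYSTEM_DIRS):
        reasons.append("system process name outside the Windows directory")
    elif base.endswith(".exe") and any(levenshtein(base, s) <= 2 for s in SYSTEM_NAMES):
        reasons.append("filename imitates a Windows system process")
    if looks_random(name):
        reasons.append("random-looking Run value name")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every O4/O23 line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if m := O4_RUN.match(line):
            reasons = check_run_entry(m["name"], m["cmd"])
        elif m := O4_STARTUP.match(line):
            if m["target"].strip() == "?":
                reasons = ["startup shortcut whose target cannot be resolved"]
        elif m := O23_SERVICE.match(line):
            if m["path"].endswith("(file missing)"):
                reasons = ["service registered for a binary that no longer exists"]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for r in why:
            print("   ->", r)
```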


Hello. OK I've done all that.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:05, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2330732082-328408858-4259249450-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eparshotam.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229385253289
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229385240480
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://eparshotam.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe (file missing)

--
End of file - 6435 bytes


Couldn't find that file despite having 'show hidden files' on.
Will fixing those 2 items on the HijackThis list have got rid of the Trojan.bho that comes up on Malwarebytes? It's not removing it on reboot.
Thanks.


Hello. OK I've done all that.

Couldn't find that file despite having 'show hidden files' on.
Will fixing those 2 items on the HijackThis list have got rid of the Trojan.bho that comes up on Malwarebytes? It's not removing it on reboot.
Thanks.

Alright, sounds like it is still there.

As for the entries, they are to fix a few things on your PC, but not necessarily for the trojan.

Please do the following:

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Thanks,

Cohen

Trojan.bho that comes up on Malwarebytes? It's not removing it on reboot.
Thanks.

Try running MBAM in Safe Mode to see if it can get rid of it permanently that way.

Post the log when it is done.

==

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program


Hi crunchie and cohen,

I've done what both of you said. Managed to delete Trojan.bho! Safe Mode worked. Here's the log:

Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 2

2008-12-18 15:41:36
mbam-log-2008-12-18 (15-41-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 98821
Time elapsed: 2 hour(s), 13 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix log:

ComboFix 08-12-17.01 - Oem Student 2008-12-18 12:51:55.2 - NTFSx86

Running from: c:\documents and settings\TEMP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\Spyware & Adware Remover\BPS Remover\BPS Spyware-Adware Remover.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\Spyware & Adware Remover\BPS Remover\Help.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\Spyware & Adware Remover\BPS Remover\Uninstall.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\Spyware & Adware Remover\Help.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\Spyware & Adware Remover\Spyware & Adware Remover.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\Spyware & Adware Remover\Uninstall.lnk
c:\program files\BulletProofSoft.com
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Box.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\BPSRem.exe
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Core.dll
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\DataBase.ini
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\DB.fix
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\DB1.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\DB2.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\DB3.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\DB4.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\DB5.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\English.inf
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\English.jpg
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Errors.txt
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Espanol.inf
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Espanol.jpg
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\EXCLUDEL.DAT
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\exList.dat
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\FixConf.exe
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Francais.inf
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Francais.jpg
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\guard.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Help.chm
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\home.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\hosts
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Ignorelst98
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Ignorelstxp
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Italiano.inf
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Italiano.jpg
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Mask.skn
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Purchase.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Scan Session.txt
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\scanning.bps
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\skins\Adware Cops.info
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\skins\Adware Cops.jpg
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\skins\Adware Cops.skn
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\skins\Adware Cops.spl
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\skins\Adware Cops.swf
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\Splash.spl
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\unins000.dat
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\unins000.exe
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\unins001.dat
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\unins001.exe
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\update.cli
c:\program files\BulletProofSoft.com\BPS Spyware & Adware Remover\update.exe
c:\windows\system32\dmadmin.exe
c:\windows\system32\msctfp.dll
c:\windows\system32\msdart.dll
c:\windows\system32\raschap.dll
c:\windows\system32\rasmans.dll
c:\windows\system32\slextspk.dll
c:\windows\system32\slgen.dll
c:\windows\system32\webvw.dll
c:\windows\system32\wiaacmgr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISEXENG
-------\Legacy_ZESOFT
-------\Legacy_ISEXENG
-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-18 13:06 . 2008-12-18 13:06 <DIR> d-------- c:\documents and settings\Oem Student.EDWARD_P
2008-12-18 12:04 . 2004-08-04 00:56 286,792 --a------ c:\windows\SYSTEM32\slextspk.dll
2008-12-18 12:04 . 2004-08-04 00:56 188,508 --a------ c:\windows\SYSTEM32\slgen.dll
2008-12-18 09:01 . 2008-12-18 09:01 664 --a------ c:\windows\SYSTEM32\d3d9caps.dat
2008-12-18 08:59 . 2008-12-18 08:58 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-16 19:28 . 2008-12-16 19:28 <DIR> d-------- c:\program files\Trend Micro
2008-12-16 11:54 . 2008-12-16 11:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 11:54 . 2008-12-16 11:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 11:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\drivers\mbamswissarmy.sys
2008-12-16 11:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\drivers\mbam.sys
2008-12-16 09:33 . 2008-12-16 09:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-16 09:32 . 2008-12-16 09:32 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-16 09:30 . 2008-12-16 09:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-16 06:39 . 2004-09-29 10:46 155,648 -ra------ c:\windows\SYSTEM32\igfxres.dll
2008-12-16 05:27 . 2007-06-11 23:04 2,267,368 --a------ c:\windows\SYSTEM32\Flash.ocx
2008-12-16 05:27 . 2002-03-04 12:27 1,140,472 --a------ c:\windows\SYSTEM32\IGUltraGrid20.ocx
2008-12-16 05:27 . 2004-05-11 09:56 423,784 --a------ c:\windows\SYSTEM32\XceedBkp.dll
2008-12-16 05:27 . 2004-02-05 20:53 389,120 --a------ c:\windows\SYSTEM32\ACTSKN43.OCX
2008-12-16 05:27 . 2001-07-28 12:50 265,753 --a------ c:\windows\SYSTEM32\AS-Exp2.ocx
2008-12-16 05:27 . 2004-01-09 10:54 188,416 --a------ c:\windows\SYSTEM32\actsplash.ocx
2008-12-16 05:27 . 2004-03-08 23:00 131,856 --a------ c:\windows\SYSTEM32\MSADODC.ocx
2008-12-16 05:27 . 2001-03-28 22:02 89,088 --a------ c:\windows\SYSTEM32\ProgressBar4.ocx
2008-12-16 05:27 . 2001-04-20 01:28 28,672 --a------ c:\windows\SYSTEM32\systray.ocx
2008-12-16 05:27 . 1999-01-26 20:36 11,012 --a------ c:\windows\SYSTEM32\threadapi.tlb
2008-12-16 05:27 . 2006-05-31 16:38 10,752 --a------ c:\windows\SYSTEM32\md5.dll
2008-12-16 05:17 . 2008-12-16 05:27 <DIR> d-------- c:\program files\Spinach AntiSpyware
2008-12-16 04:45 . 2008-12-16 04:45 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-16 04:45 . 2008-12-16 04:45 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-16 04:45 . 2008-12-16 04:45 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-16 04:45 . 2008-12-16 04:45 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-16 04:16 . 2008-12-16 04:16 <DIR> d--hs---- C:\found.001
2008-12-16 03:45 . 2008-12-16 03:51 <DIR> d-------- C:\SWSetup
2008-12-15 23:54 . 2004-08-04 12:00 1,134,592 --a------ c:\windows\SYSTEM32\wuaueng.dll
2008-12-15 23:54 . 2004-08-04 12:00 430,592 --a------ c:\windows\SYSTEM32\wuapi.dll
2008-12-15 23:54 . 2004-08-04 12:00 162,304 --a------ c:\windows\SYSTEM32\wuaucpl.cpl
2008-12-15 23:54 . 2004-08-04 12:00 120,320 --a------ c:\windows\SYSTEM32\wuweb.dll
2008-12-15 23:54 . 2004-08-04 12:00 112,640 --a------ c:\windows\SYSTEM32\wucltui.dll
2008-12-15 23:54 . 2004-08-04 12:00 111,104 --a------ c:\windows\SYSTEM32\wuauclt.exe
2008-12-15 23:54 . 2004-08-04 12:00 66,560 --a------ c:\windows\SYSTEM32\cdm.dll
2008-12-15 22:48 . 2008-12-15 22:48 135,168 --a------ c:\windows\SYSTEM32\icfgnt532.dll
2008-12-15 22:44 . 2008-12-15 22:48 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-15 22:44 . 2008-12-18 12:21 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-15 22:44 . 2008-08-25 12:36 81,288 --a------ c:\windows\SYSTEM32\drivers\iksyssec.sys
2008-12-15 22:44 . 2008-08-25 12:36 66,952 --a------ c:\windows\SYSTEM32\drivers\iksysflt.sys
2008-12-15 22:44 . 2008-08-25 12:36 40,840 --a------ c:\windows\SYSTEM32\drivers\ikfilesec.sys
2008-12-15 22:44 . 2008-06-02 16:19 29,576 --a------ c:\windows\SYSTEM32\drivers\kcom.sys
2008-12-15 22:29 . 2008-12-15 22:29 135,168 --a------ c:\windows\SYSTEM32\dsound3d32.dll
2008-12-15 21:54 . 2004-09-29 10:46 221,184 -ra------ c:\windows\SYSTEM32\igfxeud.dll
2008-12-15 21:54 . 2004-09-29 10:46 151,552 -ra------ c:\windows\SYSTEM32\igfxdiag.exe
2008-12-15 21:54 . 2004-09-29 10:46 122,880 -ra------ c:\windows\SYSTEM32\igfxhk.dll
2008-12-15 21:54 . 2004-09-29 10:46 45,056 -ra------ c:\windows\SYSTEM32\igfxdgps.dll
2008-12-15 21:37 . 2008-12-15 21:38 <DIR> d-------- c:\program files\Driver Magician
2008-12-15 21:37 . 2004-09-28 11:13 526,184 --a------ c:\windows\SYSTEM32\XceedCry.dll
2008-12-15 21:37 . 2005-01-12 11:19 456,536 --a------ c:\windows\SYSTEM32\XCEEDZIP.DLL
2008-12-15 21:37 . 2004-03-09 00:00 224,016 --a------ c:\windows\SYSTEM32\Tabctl32.ocx
2008-12-15 21:37 . 2004-03-09 00:00 152,848 --a------ c:\windows\SYSTEM32\Comdlg32.ocx
2008-12-15 21:37 . 2004-08-11 15:55 110,602 --a------ c:\windows\SYSTEM32\xcdsfx32.bin
2008-12-15 21:29 . 2008-12-15 21:29 <DIR> d-------- c:\program files\TechTracker
2008-12-15 21:11 . 2008-12-15 21:11 <DIR> d-------- C:\IEGD
2008-12-15 21:09 . 2008-12-15 21:10 <DIR> d-------- c:\program files\Driver Checker
2008-12-15 21:09 . 2008-12-03 17:40 81,408 --a------ c:\windows\SYSTEM32\devcon_x64.exe
2008-12-15 21:09 . 2002-11-14 22:32 55,808 --a------ c:\windows\SYSTEM32\devcon.exe
2008-12-15 20:20 . 2004-08-04 12:00 145,792 --a------ c:\windows\SYSTEM32\drivers\portcls.sys
2008-12-15 20:20 . 2004-08-04 12:00 140,928 --a------ c:\windows\SYSTEM32\drivers\ks.sys
2008-12-15 20:20 . 2004-08-04 00:56 130,048 --a------ c:\windows\SYSTEM32\ksproxy.ax
2008-12-15 20:20 . 2004-08-04 12:00 60,288 --a------ c:\windows\SYSTEM32\drivers\drmk.sys
2008-12-15 20:20 . 2004-08-04 12:00 48,640 --a------ c:\windows\SYSTEM32\drivers\stream.sys
2008-12-15 20:20 . 2004-08-04 12:00 23,552 --a------ c:\windows\SYSTEM32\wdmaud.drv
2008-12-15 20:20 . 2004-08-04 00:56 4,096 --a------ c:\windows\SYSTEM32\ksuser.dll
2008-12-15 20:19 . 2008-12-15 20:19 <DIR> d-------- c:\program files\Realtek AC97
2008-12-15 19:32 . 2008-12-15 19:32 12,626 --a------ c:\windows\SYSTEM32\wpa.bak
2008-12-15 19:31 . 2008-10-16 14:13 1,809,944 --a--c--- c:\windows\SYSTEM32\dllcache\wuaueng.dll
2008-12-15 19:31 . 2008-10-16 14:12 561,688 --a--c--- c:\windows\SYSTEM32\dllcache\wuapi.dll
2008-12-15 19:31 . 2008-10-16 14:12 323,608 --a--c--- c:\windows\SYSTEM32\dllcache\wucltui.dll
2008-12-15 19:31 . 2008-10-16 14:12 213,528 --a--c--- c:\windows\SYSTEM32\dllcache\wuaucpl.cpl
2008-12-15 19:31 . 2008-10-16 14:12 202,776 --a--c--- c:\windows\SYSTEM32\dllcache\wuweb.dll
2008-12-15 19:31 . 2008-10-16 14:09 92,696 --a--c--- c:\windows\SYSTEM32\dllcache\cdm.dll
2008-12-15 19:31 . 2008-10-16 14:09 51,224 --a--c--- c:\windows\SYSTEM32\dllcache\wuauclt.exe
2008-12-15 19:31 . 2008-10-16 14:09 43,544 --a------ c:\windows\SYSTEM32\wups2.dll
2008-12-15 19:31 . 2008-10-16 14:08 34,328 --a------ c:\windows\SYSTEM32\wups.dll
2008-12-15 19:31 . 2008-10-16 14:08 34,328 --a--c--- c:\windows\SYSTEM32\dllcache\wups.dll
2008-12-15 19:18 . 2004-08-04 12:00 28,288 --a--c--- c:\windows\SYSTEM32\dllcache\xjis.nls
2008-12-15 19:17 . 2004-08-04 12:00 156,672 --a--c--- c:\windows\SYSTEM32\dllcache\winzm.ime
2008-12-15 19:17 . 2004-08-04 12:00 156,672 --a--c--- c:\windows\SYSTEM32\dllcache\winsp.ime
2008-12-15 19:17 . 2004-08-04 12:00 156,672 --a--c--- c:\windows\SYSTEM32\dllcache\winpy.ime
2008-12-15 19:17 . 2004-08-04 12:00 79,360 --a--c--- c:\windows\SYSTEM32\dllcache\winar30.ime
2008-12-15 19:17 . 2004-08-04 12:00 69,120 --a--c--- c:\windows\SYSTEM32\dllcache\wingb.ime
2008-12-15 19:17 . 2004-08-04 12:00 65,536 --a--c--- c:\windows\SYSTEM32\dllcache\winime.ime
2008-12-15 19:17 . 2004-08-04 12:00 65,536 --a--c--- c:\windows\SYSTEM32\dllcache\wextract.exe
2008-12-15 19:17 . 2004-08-04 12:00 41,600 --a--c--- c:\windows\SYSTEM32\dllcache\weitekp9.dll
2008-12-15 19:17 . 2004-08-04 12:00 31,232 --a--c--- c:\windows\SYSTEM32\dllcache\weitekp9.sys
2008-12-15 19:16 . 2004-08-04 12:00 48,256 --a--c--- c:\windows\SYSTEM32\dllcache\w32.dll
2008-12-15 19:15 . 2004-08-04 12:00 426,041 --a--c--- c:\windows\SYSTEM32\dllcache\voicepad.dll
2008-12-15 19:15 . 2004-08-04 12:00 86,073 --a--c--- c:\windows\SYSTEM32\dllcache\voicesub.dll
2008-12-15 19:14 . 2004-08-04 12:00 571,392 --a--c--- c:\windows\SYSTEM32\dllcache\tintlgnt.ime
2008-12-15 19:14 . 2004-08-04 12:00 455,168 --a--c--- c:\windows\SYSTEM32\dllcache\tintsetp.exe
2008-12-15 19:14 . 2004-08-04 12:00 185,344 --a--c--- c:\windows\SYSTEM32\dllcache\thawbrkr.dll
2008-12-15 19:14 . 2004-08-04 12:00 76,288 --a--c--- c:\windows\SYSTEM32\dllcache\uniime.dll
2008-12-15 19:14 . 2004-08-04 12:00 65,024 --a--c--- c:\windows\SYSTEM32\dllcache\unicdime.ime
2008-12-15 19:14 . 2004-08-04 12:00 44,032 --a--c--- c:\windows\SYSTEM32\dllcache\tintlphr.exe
2008-12-15 19:14 . 2004-08-04 12:00 21,896 --a--c--- c:\windows\SYSTEM32\dllcache\tdipx.sys
2008-12-15 19:14 . 2004-08-04 12:00 19,464 --a--c--- c:\windows\SYSTEM32\dllcache\tdspx.sys
2008-12-15 19:14 . 2004-08-04 12:00 14,336 --a--c--- c:\windows\SYSTEM32\dllcache\tsprof.exe
2008-12-15 19:14 . 2004-08-04 12:00 13,192 --a--c--- c:\windows\SYSTEM32\dllcache\tdasync.sys
2008-12-15 19:14 . 2004-08-04 12:00 10,240 --a--c--- c:\windows\SYSTEM32\dllcache\tmigrate.dll
2008-12-15 19:12 . 2004-08-04 12:00 79,872 --a--c--- c:\windows\SYSTEM32\dllcache\rwia330.dll
2008-12-15 19:12 . 2004-08-04 12:00 79,872 --a--c--- c:\windows\SYSTEM32\dllcache\rwia001.dll
2008-12-15 19:12 . 2004-08-04 12:00 56,832 --a--c--- c:\windows\SYSTEM32\dllcache\rasphone.exe
2008-12-15 19:12 . 2004-08-04 12:00 26,624 --a--c--- c:\windows\SYSTEM32\dllcache\rw330ext.dll
2008-12-15 19:12 . 2004-08-04 12:00 26,112 --a--c--- c:\windows\SYSTEM32\dllcache\romanime.ime
2008-12-15 19:12 . 2004-08-04 12:00 24,576 --a--c--- c:\windows\SYSTEM32\dllcache\rw001ext.dll
2008-12-15 19:12 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\SYSTEM32\dllcache\EXCH_regtrace.exe
2008-12-15 19:12 . 2004-08-04 12:00 14,848 --a--c--- c:\windows\SYSTEM32\dllcache\register.exe
2008-12-15 19:10 . 2004-08-04 12:00 1,875,968 --a--c--- c:\windows\SYSTEM32\dllcache\msir3jp.lex
2008-12-15 19:10 . 2004-08-04 12:00 229,439 --a--c--- c:\windows\SYSTEM32\dllcache\multibox.dll
2008-12-15 19:10 . 2004-08-04 12:00 98,304 --a--c--- c:\windows\SYSTEM32\dllcache\msir3jp.dll
2008-12-15 19:09 . 2004-08-04 12:00 1,158,818 --a--c--- c:\windows\SYSTEM32\dllcache\korwbrkr.lex
2008-12-15 19:09 . 2004-08-04 12:00 92,416 --a--c--- c:\windows\SYSTEM32\dllcache\mga.sys
2008-12-15 19:09 . 2004-08-04 12:00 92,032 --a--c--- c:\windows\SYSTEM32\dllcache\mga.dll
2008-12-15 19:09 . 2004-08-04 12:00 70,656 --a--c--- c:\windows\SYSTEM32\dllcache\korwbrkr.dll
2008-12-15 19:09 . 2001-08-17 22:36 65,536 --a--c--- c:\windows\SYSTEM32\dllcache\EXCH_mailmsg.dll
2008-12-15 19:09 . 2004-08-04 12:00 47,066 --a--c--- c:\windows\SYSTEM32\dllcache\ksc.nls
2008-12-15 19:09 . 2004-08-04 12:00 33,792 --a--c--- c:\windows\SYSTEM32\dllcache\lmmib2.dll
2008-12-15 19:09 . 2004-08-04 12:00 22,528 --a--c--- c:\windows\SYSTEM32\dllcache\lpdsvc.dll
2008-12-15 19:09 . 2004-08-04 12:00 18,944 --a--c--- c:\windows\SYSTEM32\dllcache\lprmon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 08:58 --------- d-----w c:\program files\Java
2008-12-15 23:43 --------- d-----w c:\program files\MSN Messenger
2008-11-27 02:32 --------- d-----w c:\program files\Bullfighter
2008-11-17 16:13 --------- d-----w c:\program files\Ultra QuickTime Converter
2008-11-17 15:37 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-17 15:36 --------- d-----w c:\program files\DVDVideoSoft
2008-10-24 13:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 13:07 --------- d-----w c:\program files\EPSON
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-13 180269]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\SYSTEM32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^blueyonder Instant Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk
backup=c:\windows\pss\blueyonder Instant Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:00 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C84 Series]
--a--c--- 2003-10-06 14:34 99840 c:\windows\SYSTEM32\spool\drivers\w32x86\3\E_S10IC2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2004-09-29 10:46 118784 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2004-09-29 10:46 155648 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
--a------ 2006-10-27 16:03 1696768 c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
--a--c--- 2006-10-27 16:03 889856 c:\program files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-05-19 14:51 774233 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2006-05-19 14:52 86105 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-10-13 12:40 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2003-04-07 05:41 176128 c:\windows\SYSTEM32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2003-02-10 07:59 47104 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\j2re1.4.0_01\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Filetopia3\\Filetopia.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Workflow - E:\Workflow.exe


.
------- Supplementary Scan -------
.

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\SearchEngineQuery.dll - O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400}
hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 13:08:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SYSTEM32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-18 13:14:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-18 13:14:18

Pre-Run: 1,754,095,616 bytes free
Post-Run: 1,682,604,032 bytes free

345 --- E O F --- 2008-12-15 20:33:29

Perhaps I should run something else... just in case?

Here's the most recent hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29, on 2008-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2330732082-328408858-4259249450-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eparshotam.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229385253289
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229385240480
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://eparshotam.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe (file missing)

--
End of file - 6447 bytes

Thanks a lot.
Ed.
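The HijackThis log above is read by hand, line by line, looking for the same few things: services whose binary is gone but whose registration remains (the two "(file missing)" O23 lines), entries with an "Unknown owner", and BHO or Winlogon-notify modules loaded from somewhere other than Program Files or the Windows directory. The following script, added here as an illustration and not part of the thread or of HijackThis itself, parses the `Oxx - ...` lines of a v2.0.2-style log into records and applies exactly those triage heuristics, plus an optional watch list of CLSIDs. The sample log is constructed: most lines are copied from the log posted above, while the second O2 line (the `{00000000-0000-0000-0000-000000000000}` CLSID and the `placeholder.dll` path under a Temp folder) is a hypothetical entry included only to exercise the checks.

```python
"""Triage helper for HijackThis v2.0.2 logs.

Added example (not from the thread and not HijackThis code). Parses the
'Oxx - ...' entries of a log and flags the ones a helper looks at first:
stale registrations ("(file missing)"), services with an unknown owner,
CLSIDs on a caller-supplied watch list, and BHO / Winlogon-notify modules
loaded from outside the usual program directories. Flags are heuristics
for manual review, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# "O23 - Service: ..." -> section tag "O23" and the rest of the line.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*\S)\s*$")
# Registry-style CLSID, e.g. {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Where legitimately installed browser helper modules normally live.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O23", ...
    text: str                    # line content after "Oxx - "
    clsid: Optional[str]         # first CLSID in the line, upper-cased
    flags: List[str] = field(default_factory=list)


def parse_hjt_log(log: str) -> List[Entry]:
    """Return one Entry per 'Oxx - ...' line; header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, text = m.groups()
        c = CLSID_RE.search(text)
        entries.append(Entry(section, text, c.group(0).upper() if c else None))
    return entries


def module_path(entry: Entry) -> Optional[str]:
    """Module path is the last ' - ' separated field of O2/O3/O20/O23 lines."""
    if entry.section not in ("O2", "O3", "O20", "O23"):
        return None
    path = entry.text.rsplit(" - ", 1)[-1]
    return path.replace("(file missing)", "").strip()


def triage(entries: Iterable[Entry], watch_clsids: Iterable[str] = ()) -> List[Entry]:
    """Attach review flags to entries and return only the flagged ones."""
    watch = {c.upper() for c in watch_clsids}
    flagged = []
    for e in entries:
        e.flags = []  # recompute from scratch so repeated calls are idempotent
        if "(file missing)" in e.text:
            # The binary is gone but the autostart/service key remains; a file
            # dropped at that path later would be launched with it.
            e.flags.append("file-missing")
        if "Unknown owner" in e.text:
            e.flags.append("unknown-owner")
        if e.clsid and e.clsid in watch:
            e.flags.append("watch-list-clsid")
        path = module_path(e)
        if e.section in ("O2", "O20") and path and not path.lower().startswith(TRUSTED_ROOTS):
            e.flags.append("module-outside-program-dirs")
        if e.flags:
            flagged.append(e)
    return flagged


# Constructed sample: lines 1, 3, 4 and 5 are copied from the thread's log; the
# second O2 line is hypothetical (placeholder CLSID and path) for demonstration.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Documents and Settings\user\Local Settings\Temp\placeholder.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Placeholder watch list (hypothetical CLSID, not a real indicator).
WATCH_CLSIDS = ["{00000000-0000-0000-0000-000000000000}"]


def run_sample() -> List[Entry]:
    """Parse and triage the constructed sample log."""
    return triage(parse_hjt_log(SAMPLE_LOG), WATCH_CLSIDS)


if __name__ == "__main__":
    for hit in run_sample():
        print(f"{hit.section}: {', '.join(hit.flags)}\n    {hit.text}")
```

On the sample the Java BHO, the SUPERAntiSpyware notify DLL and the avast! service produce no flags; the hypothetical BHO is flagged for its watch-listed CLSID and its Temp-folder path, and the dmadmin service for both the missing file and the unknown owner. The path heuristic is deliberately narrow (only O2 and O20 modules) because services and toolbars legitimately live in more places.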

0

Let's get rid of Combofix now that we are finished with it. Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

When shown the disclaimer, Select "2"

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

==

Congratulations! Your log looks clean.

===============

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Download CCleaner and install, then run it. It will clear out your temp folders. Uncheck "Cookies" under "Internet Explorer".
Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Close when finished.

====

An alternative to CCleaner is ATF Cleaner.
Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

====

Use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera, which in my opinion, is better still.

====

Use a firewall. It is an essential part of your computer's security. There is a link to a good, free firewall in my signature.

====

Install and keep updated,
Spybot S&D.
Run it on a regular basis, following the maker's recommendations.

====

Install an anti-virus. There are some good, free AVs available today. Make sure that it is updated regularly and have it scan your system often.

====

Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

=====

For XP users:
After something like this it is a good idea to flush the Restore Points and start fresh.
To flush the XP System Restore Points:

Go to Start | Run and type msconfig and press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

Please mark this thread as solved if all is well.

If you have any more problems, post back.

-

Happy surfing,

crunchie.

==============

Attachments th_CF_Cleanup.png 9.98 KB
0

Thank you! That is a relief. I'll give Opera a try. I didn't get the problem 'cos of IE (I mainly use Firefox); the problem was caused by a download from P2P.. won't be using that again.
Thanks again.
Ed

0

You are welcome :).

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.
