
Hosed Up Pretty Good


11 replies to this topic

#1 Ed M


Posted 28 August 2007 - 07:34 PM

Ok, I seem to be pretty hosed. It started with my integrated wireless card not working. After some scanning I noticed a few things wrong and started to clean the system up. I deleted some registry keys and my wireless card started working again, however I noticed I still had some problems. The more I clean it the worse it seems to get.

Steps taken:

Avast
AVG
Hitman Pro 2


Here is my HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 8:27:54 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Apache\bin\ApacheMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ed.PROMPTPC1.000\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOM(2).lnk = C:\Program Files\Common Files\Adobe\Web\AOM.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache\bin\ApacheMonitor.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe





#2 RichieUK

Malware Response Team

Posted 29 August 2007 - 06:51 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Ed M :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT.
Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary.
If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer; in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

You have Avast4 and AVG7 installed.
It's definitely not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one or the other, then restart your PC.

Now go to:
C:\HJT\HijackThis.exe
Right click on HijackThis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still HijackThis.exe), post that log into your next reply please.

#3 Ed M


Posted 29 August 2007 - 08:37 AM

I don't generally run both Avast and AVG together. I was just installing Avast hoping it could get rid of some of the problems. I removed AVG for now... Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 9:34:52 AM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apache\bin\ApacheMonitor.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\abc.bat
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOM(2).lnk = C:\Program Files\Common Files\Adobe\Web\AOM.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache\bin\ApacheMonitor.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: byxxuvw - byxxuvw.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



#4 RichieUK

Malware Response Team

Posted 29 August 2007 - 02:30 PM

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
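The checks the helper makes by eye in this thread (the old JRE, two antivirus vendors, the Winlogon Notify DLL and the odd Startup-folder shortcut), written as code. This is an added example, not part of the thread and not a BleepingComputer or HijackThis tool; the sample input is excerpted from the HijackThis logs posted above, the severities and the system32-startup heuristic are my assumptions, and a "(file missing)" service is cross-checked against the running-process list because HijackThis 1.99.1 reports quoted service paths as missing even when, as with ashMaiSv.exe above, the binary is running.

```python
"""Triage of a HijackThis v1.99.1 log, mirroring the checks the helper makes by eye."""
import re

# Sample input: lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = "\n".join([
    r"Logfile of HijackThis v1.99.1",
    r"",
    r"Running processes:",
    r"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe",
    r"C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe",
    r"C:\WINDOWS\system32\wuauclt.exe",
    r"",
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe",
    r"O4 - Global Startup: Bluetooth.lnk = ?",
    r"O20 - Winlogon Notify: byxxuvw - byxxuvw.dll (file missing)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
])

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.I)
# A Startup-folder shortcut whose target is an .exe directly under system32.
SYS32_STARTUP_RE = re.compile(r"Startup: .+ = C:\\WINDOWS\\system32\\[^\\]+\.exe$", re.I)
EXE_RE = re.compile(r"([^\\]+\.exe)", re.I)
MISSING = "(file missing)"

# Vendor strings exactly as HijackThis prints them in the O23 lines above.
AV_VENDORS = {"ALWIL Software": "avast!", "GRISOFT, s.r.o.": "AVG"}
# JRE 6u2, the version the helper asks for in this thread (assumed baseline).
CURRENT_JRE = (1, 6, 0, 2)


def parse_hjt(text):
    """Split a log into (set of running-process basenames, list of (kind, body))."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
        elif in_procs:
            processes.add(line.rsplit("\\", 1)[-1].lower())
    return processes, entries


def triage(text):
    """Return (severity, reason, log line) findings: per-line ones first, then cross-line ones."""
    processes, entries = parse_hjt(text)
    findings, av_products, jres = [], set(), set()
    for kind, body in entries:
        jres.update(tuple(map(int, m.groups())) for m in JRE_RE.finditer(body))
        if kind == "O20" and MISSING in body:
            # A Winlogon Notify DLL that is registered but absent from disk is
            # typical of a half-removed infection and should be reviewed.
            findings.append(("high", "Winlogon Notify DLL registered but not on disk", body))
        elif kind == "O4" and SYS32_STARTUP_RE.search(body):
            # Legitimate Startup-folder shortcuts rarely launch executables
            # straight out of system32 (heuristic assumed here, not an HJT rule).
            findings.append(("high", "startup shortcut runs an executable from system32", body))
        elif kind == "O23":
            for vendor, product in AV_VENDORS.items():
                if vendor in body:
                    av_products.add(product)
            if MISSING in body:
                exe = EXE_RE.search(body)
                running = bool(exe) and exe.group(1).lower() in processes
                # HJT 1.99.1 flags quoted service paths that carry arguments as
                # missing even when the binary is running, so downgrade those.
                findings.append(("info" if running else "medium", "service binary reported missing", body))
    if len(av_products) > 1:
        findings.append(("medium", "more than one antivirus installed: " + ", ".join(sorted(av_products)), ""))
    for v in sorted(jres):
        if v < CURRENT_JRE:
            findings.append(("medium", "outdated Java runtime jre%d.%d.%d_%02d" % v, ""))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print("[%-6s] %s%s" % (severity, reason, ("\n         " + line) if line else ""))
```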

#5 Ed M


Posted 29 August 2007 - 09:07 PM

ComboFix Log

ComboFix 07-08-29.2 - "Ed" 2007-08-29 21:57:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1605 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-29 09:30 <DIR> d-------- C:\HJT
2007-08-28 21:45 3,772 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-28 21:40 892,615 --a------ C:\SmitfraudFix.exe
2007-08-28 21:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-28 21:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-28 21:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-28 20:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-28 20:14 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-28 20:11 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\.housecall6.6
2007-08-28 20:09 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-28 12:16 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Yahoo!
2007-08-28 12:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-28 09:14 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-08-27 23:10 <DIR> d-------- C:\Program Files\Street Hacker
2007-08-27 22:53 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\WinRAR
2007-08-27 22:44 <DIR> d-------- C:\Program Files\PowerISO
2007-08-27 20:08 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-27 20:08 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-27 20:08 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-27 20:08 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-27 20:08 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-27 20:08 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-27 20:08 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-27 20:08 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-27 20:02 <DIR> d-------- C:\Program Files\CCleaner
2007-08-27 19:35 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\Temporary Internet Files
2007-08-27 19:35 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\History
2007-08-27 19:22 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Lavasoft
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\tempsz11
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\IBD4
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\drvfig32
2007-08-27 19:01 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\AdobeUM
2007-08-27 14:52 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-26 13:30 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-26 13:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-26 13:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-24 18:03 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\UserData
2007-08-23 11:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-23 11:32 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-08-23 08:38 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\HP
2007-08-22 21:24 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\Bluetooth Software
2007-08-22 21:05 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\Temporary Internet Files
2007-08-22 21:05 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\History
2007-08-22 21:03 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Intuit
2007-08-22 21:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-08-22 21:00 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-08-22 21:00 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-08-22 21:00 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-08-22 17:07 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Lavasoft
2007-08-22 17:05 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\AdobeUM
2007-08-22 17:01 <DIR> d--hs---- C:\WINDOWS\RWQ
2007-08-22 16:54 <DIR> d-------- C:\Downloads
2007-08-22 09:35 <DIR> d---s---- C:\DOCUME~1\ED7009~1.PRO\UserData
2007-08-20 13:27 <DIR> d-------- C:\Program Files\NETGEAR
2007-08-20 09:32 <DIR> d-------- C:\Program Files\Program Files
2007-08-20 09:29 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Sonic
2007-08-20 09:29 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Leadertech
2007-08-20 08:45 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\GTek
2007-08-17 16:19 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\Bluetooth Software
2007-08-17 16:15 <DIR> d---s---- C:\DOCUME~1\ED7009~1.PRO\History
2007-08-17 16:13 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Intuit
2007-08-17 15:11 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\GlobalSCAPE
2007-08-17 11:07 <DIR> d-------- C:\Program Files\Broadcom
2007-08-17 08:49 <DIR> d-------- C:\DOCUME~1\Test\APPLIC~1\HP
2007-08-17 08:48 <DIR> d-------- C:\DOCUME~1\Test\History
2007-08-17 08:48 <DIR> d-------- C:\DOCUME~1\Test\APPLIC~1\Intuit


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-28 20:20 --------- d-------- C:\Program Files\BitComet
2007-08-28 16:38 --------- d-------- C:\Program Files\Hitman Pro
2007-08-28 16:34 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-28 15:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-28 13:52 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-28 11:51 --------- d-------- C:\Program Files\Yahoo!
2007-08-27 19:35 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-08-27 19:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-26 13:30 --------- d-------- C:\Program Files\QuickTime
2007-08-22 21:22 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-22 21:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-22 21:18 --------- d-------- C:\Program Files\Quicken
2007-08-22 21:18 --------- d-------- C:\Program Files\Common Files\Intuit
2007-08-22 21:13 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-22 21:04 1713 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V6000 (EX993AV#ABA)_YN_0Pres_QCNF64508QQ_E432249001_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M2015_J80_7AMD_8Turion 64 X2 Technology TL-52_91.61_#060720_N_(EX993AV#ABA)_XMOBILE_CN10_Z.MRK
2007-08-22 21:00 --------- d-------- C:\Program Files\HPQ
2007-08-22 20:32 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-22 20:27 --------- d-------- C:\Program Files\Quickensetup
2007-08-22 20:26 --------- d-------- C:\Program Files\NetWaiting
2007-08-22 20:25 --------- d-------- C:\Program Files\music_now
2007-08-22 20:25 --------- d-------- C:\Program Files\Microsoft Works
2007-08-22 20:24 --------- d-------- C:\Program Files\Microsoft Office Trial Wizard
2007-08-22 20:24 --------- d-------- C:\Program Files\Microsoft Money 2006
2007-08-22 20:23 --------- d-------- C:\Program Files\HP Rhapsody
2007-08-22 20:22 --------- d-------- C:\Program Files\DivX
2007-08-22 20:22 --------- d-------- C:\Program Files\CONEXANT
2007-08-22 20:21 --------- d-------- C:\Program Files\Common Files\SureThing Shared
2007-08-22 20:21 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-22 20:20 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-08-22 20:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-22 20:16 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-08-20 10:35 --------- d-------- C:\Program Files\DOSBox-0.65
2007-07-27 12:15 --------- d-------- C:\DOCUME~1\Ed\APPLIC~1\Alien Skin
2007-06-29 20:35 --------- d-------- C:\Program Files\HP TWAIN Data Source
2007-06-29 20:34 --------- d-------- C:\Program Files\HP Officejet D Series_WebPack_English_WinXP
2005-09-24 11:49 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 15:48]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 15:48]
"nwiz"="nwiz.exe" [2006-04-26 15:48 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 16:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 01:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-22 00:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 18:21]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 19:02]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-26 13:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-20 16:30]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 12:06:12]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 12:06:12]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
AOM(2).lnk - C:\Program Files\Common Files\Adobe\Web\AOM.exe [2006-11-19 12:06:02]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 13:33:22]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Monitor Apache Servers.lnk - C:\Program Files\Apache\bin\ApacheMonitor.exe [2007-01-09 23:20:44]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-04-19 22:26:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxuvw]
byxxuvw.dll

R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-08-28 12:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-29 22:03:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????X??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-29 22:03:56
C:\ComboFix-quarantined-files.txt ... 2007-08-29 22:03
C:\ComboFix2.txt ... 2007-08-28 21:27

--- E O F ---



HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 10:07:02 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apache\bin\ApacheMonitor.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\abc.bat

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOM(2).lnk = C:\Program Files\Common Files\Adobe\Web\AOM.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache\bin\ApacheMonitor.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: byxxuvw - byxxuvw.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



#6 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 30 August 2007 - 03:51 AM

Copy and paste ALL the following blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

LookDir::
C:\WINDOWS\system32\tempsz11
C:\WINDOWS\system32\drvfig32

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxuvw]

Now drag and drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

Edited by RichieUK, 30 August 2007 - 03:53 AM.


#7 Ed M

  • Topic Starter
  • Members
  • 6 posts

Posted 30 August 2007 - 07:41 AM

ComboFix Log

ComboFix 07-08-29.2 - "Ed" 2007-08-30 8:37:13.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1548 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Ed.PROMPTPC1.000\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-29 09:30 <DIR> d-------- C:\HJT
2007-08-28 21:45 3,772 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-28 21:40 892,615 --a------ C:\SmitfraudFix.exe
2007-08-28 21:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-28 21:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-28 21:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-28 20:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-28 20:14 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-28 20:11 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\.housecall6.6
2007-08-28 20:09 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-28 12:16 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Yahoo!
2007-08-28 12:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-28 09:14 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-08-27 23:10 <DIR> d-------- C:\Program Files\Street Hacker
2007-08-27 22:53 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\WinRAR
2007-08-27 22:44 <DIR> d-------- C:\Program Files\PowerISO
2007-08-27 20:08 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-27 20:08 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-27 20:08 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-27 20:08 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-27 20:08 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-27 20:08 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-27 20:08 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-27 20:08 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-27 20:02 <DIR> d-------- C:\Program Files\CCleaner
2007-08-27 19:35 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\Temporary Internet Files
2007-08-27 19:35 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\History
2007-08-27 19:22 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Lavasoft
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\tempsz11
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\IBD4
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\drvfig32
2007-08-27 19:01 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\AdobeUM
2007-08-27 14:52 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-26 13:30 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-26 13:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-26 13:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-24 18:03 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\UserData
2007-08-23 11:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-23 11:32 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-08-23 08:38 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\HP
2007-08-22 21:24 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\Bluetooth Software
2007-08-22 21:05 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\Temporary Internet Files
2007-08-22 21:05 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\History
2007-08-22 21:03 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Intuit
2007-08-22 21:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-08-22 21:00 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-08-22 21:00 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-08-22 21:00 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-08-22 17:07 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Lavasoft
2007-08-22 17:05 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\AdobeUM
2007-08-22 17:01 <DIR> d--hs---- C:\WINDOWS\RWQ
2007-08-22 16:54 <DIR> d-------- C:\Downloads
2007-08-22 09:35 <DIR> d---s---- C:\DOCUME~1\ED7009~1.PRO\UserData
2007-08-20 13:27 <DIR> d-------- C:\Program Files\NETGEAR
2007-08-20 09:32 <DIR> d-------- C:\Program Files\Program Files
2007-08-20 09:29 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Sonic
2007-08-20 09:29 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Leadertech
2007-08-20 08:45 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\GTek
2007-08-17 16:19 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\Bluetooth Software
2007-08-17 16:15 <DIR> d---s---- C:\DOCUME~1\ED7009~1.PRO\History
2007-08-17 16:13 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Intuit
2007-08-17 15:11 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\GlobalSCAPE
2007-08-17 11:07 <DIR> d-------- C:\Program Files\Broadcom
2007-08-17 08:49 <DIR> d-------- C:\DOCUME~1\Test\APPLIC~1\HP
2007-08-17 08:48 <DIR> d-------- C:\DOCUME~1\Test\History
2007-08-17 08:48 <DIR> d-------- C:\DOCUME~1\Test\APPLIC~1\Intuit


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-28 20:20 --------- d-------- C:\Program Files\BitComet
2007-08-28 16:38 --------- d-------- C:\Program Files\Hitman Pro
2007-08-28 16:34 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-28 15:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-28 13:52 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-28 11:51 --------- d-------- C:\Program Files\Yahoo!
2007-08-27 19:35 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-08-27 19:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-26 13:30 --------- d-------- C:\Program Files\QuickTime
2007-08-22 21:22 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-22 21:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-22 21:18 --------- d-------- C:\Program Files\Quicken
2007-08-22 21:18 --------- d-------- C:\Program Files\Common Files\Intuit
2007-08-22 21:13 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-22 21:04 1713 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V6000 (EX993AV#ABA)_YN_0Pres_QCNF64508QQ_E432249001_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M2015_J80_7AMD_8Turion 64 X2 Technology TL-52_91.61_#060720_N_(EX993AV#ABA)_XMOBILE_CN10_Z.MRK
2007-08-22 21:00 --------- d-------- C:\Program Files\HPQ
2007-08-22 20:32 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-22 20:27 --------- d-------- C:\Program Files\Quickensetup
2007-08-22 20:26 --------- d-------- C:\Program Files\NetWaiting
2007-08-22 20:25 --------- d-------- C:\Program Files\music_now
2007-08-22 20:25 --------- d-------- C:\Program Files\Microsoft Works
2007-08-22 20:24 --------- d-------- C:\Program Files\Microsoft Office Trial Wizard
2007-08-22 20:24 --------- d-------- C:\Program Files\Microsoft Money 2006
2007-08-22 20:23 --------- d-------- C:\Program Files\HP Rhapsody
2007-08-22 20:22 --------- d-------- C:\Program Files\DivX
2007-08-22 20:22 --------- d-------- C:\Program Files\CONEXANT
2007-08-22 20:21 --------- d-------- C:\Program Files\Common Files\SureThing Shared
2007-08-22 20:21 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-22 20:20 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-08-22 20:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-22 20:16 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-08-20 10:35 --------- d-------- C:\Program Files\DOSBox-0.65
2007-07-27 12:15 --------- d-------- C:\DOCUME~1\Ed\APPLIC~1\Alien Skin
2007-06-29 20:35 --------- d-------- C:\Program Files\HP TWAIN Data Source
2007-06-29 20:34 --------- d-------- C:\Program Files\HP Officejet D Series_WebPack_English_WinXP
2005-09-24 11:49 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 15:48]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 15:48]
"nwiz"="nwiz.exe" [2006-04-26 15:48 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 16:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 01:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-22 00:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 18:21]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 19:02]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-26 13:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-20 16:30]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 12:06:12]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 12:06:12]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
AOM(2).lnk - C:\Program Files\Common Files\Adobe\Web\AOM.exe [2006-11-19 12:06:02]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 13:33:22]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Monitor Apache Servers.lnk - C:\Program Files\Apache\bin\ApacheMonitor.exe [2007-01-09 23:20:44]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-04-19 22:26:20]

R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-08-28 12:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 08:38:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????X??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 8:38:27
C:\ComboFix-quarantined-files.txt ... 2007-08-30 08:38
C:\ComboFix2.txt ... 2007-08-29 22:03
C:\ComboFix3.txt ... 2007-08-28 21:27

--- E O F ---



HJT

Logfile of HijackThis v1.99.1
Scan saved at 8:41:06 AM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apache\bin\ApacheMonitor.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\abc.bat

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOM(2).lnk = C:\Program Files\Common Files\Adobe\Web\AOM.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache\bin\ApacheMonitor.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


ComboFix Log

ComboFix 07-08-29.2 - "Ed" 2007-08-30 8:37:13.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1548 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Ed.PROMPTPC1.000\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-29 09:30 <DIR> d-------- C:\HJT
2007-08-28 21:45 3,772 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-28 21:40 892,615 --a------ C:\SmitfraudFix.exe
2007-08-28 21:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-28 21:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-28 21:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-28 20:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-28 20:14 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-28 20:11 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\.housecall6.6
2007-08-28 20:09 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-28 12:16 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Yahoo!
2007-08-28 12:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-28 09:14 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-08-27 23:10 <DIR> d-------- C:\Program Files\Street Hacker
2007-08-27 22:53 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\WinRAR
2007-08-27 22:44 <DIR> d-------- C:\Program Files\PowerISO
2007-08-27 20:08 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-27 20:08 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-27 20:08 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-27 20:08 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-27 20:08 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-27 20:08 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-27 20:08 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-27 20:08 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-27 20:02 <DIR> d-------- C:\Program Files\CCleaner
2007-08-27 19:35 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\Temporary Internet Files
2007-08-27 19:35 <DIR> d---s---- C:\DOCUME~1\NETWOR~1\History
2007-08-27 19:22 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Lavasoft
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\tempsz11
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\IBD4
2007-08-27 19:21 <DIR> d-------- C:\WINDOWS\system32\drvfig32
2007-08-27 19:01 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\AdobeUM
2007-08-27 14:52 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-26 13:30 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-26 13:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-26 13:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-24 18:03 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\UserData
2007-08-23 11:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-23 11:32 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-08-23 08:38 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\HP
2007-08-22 21:24 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\Bluetooth Software
2007-08-22 21:05 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\Temporary Internet Files
2007-08-22 21:05 <DIR> d---s---- C:\DOCUME~1\EDPROM~1.000\History
2007-08-22 21:03 <DIR> d-------- C:\DOCUME~1\EDPROM~1.000\APPLIC~1\Intuit
2007-08-22 21:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-08-22 21:00 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-08-22 21:00 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-08-22 21:00 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-08-22 17:07 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Lavasoft
2007-08-22 17:05 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\AdobeUM
2007-08-22 17:01 <DIR> d--hs---- C:\WINDOWS\RWQ
2007-08-22 16:54 <DIR> d-------- C:\Downloads
2007-08-22 09:35 <DIR> d---s---- C:\DOCUME~1\ED7009~1.PRO\UserData
2007-08-20 13:27 <DIR> d-------- C:\Program Files\NETGEAR
2007-08-20 09:32 <DIR> d-------- C:\Program Files\Program Files
2007-08-20 09:29 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Sonic
2007-08-20 09:29 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Leadertech
2007-08-20 08:45 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\GTek
2007-08-17 16:19 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\Bluetooth Software
2007-08-17 16:15 <DIR> d---s---- C:\DOCUME~1\ED7009~1.PRO\History
2007-08-17 16:13 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\Intuit
2007-08-17 15:11 <DIR> d-------- C:\DOCUME~1\ED7009~1.PRO\APPLIC~1\GlobalSCAPE
2007-08-17 11:07 <DIR> d-------- C:\Program Files\Broadcom
2007-08-17 08:49 <DIR> d-------- C:\DOCUME~1\Test\APPLIC~1\HP
2007-08-17 08:48 <DIR> d-------- C:\DOCUME~1\Test\History
2007-08-17 08:48 <DIR> d-------- C:\DOCUME~1\Test\APPLIC~1\Intuit


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-28 20:20 --------- d-------- C:\Program Files\BitComet
2007-08-28 16:38 --------- d-------- C:\Program Files\Hitman Pro
2007-08-28 16:34 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-28 15:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-28 13:52 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-28 11:51 --------- d-------- C:\Program Files\Yahoo!
2007-08-27 19:35 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-08-27 19:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-26 13:30 --------- d-------- C:\Program Files\QuickTime
2007-08-22 21:22 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-22 21:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-22 21:18 --------- d-------- C:\Program Files\Quicken
2007-08-22 21:18 --------- d-------- C:\Program Files\Common Files\Intuit
2007-08-22 21:13 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-22 21:04 1713 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V6000 (EX993AV#ABA)_YN_0Pres_QCNF64508QQ_E432249001_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M2015_J80_7AMD_8Turion 64 X2 Technology TL-52_91.61_#060720_N_(EX993AV#ABA)_XMOBILE_CN10_Z.MRK
2007-08-22 21:00 --------- d-------- C:\Program Files\HPQ
2007-08-22 20:32 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-22 20:27 --------- d-------- C:\Program Files\Quickensetup
2007-08-22 20:26 --------- d-------- C:\Program Files\NetWaiting
2007-08-22 20:25 --------- d-------- C:\Program Files\music_now
2007-08-22 20:25 --------- d-------- C:\Program Files\Microsoft Works
2007-08-22 20:24 --------- d-------- C:\Program Files\Microsoft Office Trial Wizard
2007-08-22 20:24 --------- d-------- C:\Program Files\Microsoft Money 2006
2007-08-22 20:23 --------- d-------- C:\Program Files\HP Rhapsody
2007-08-22 20:22 --------- d-------- C:\Program Files\DivX
2007-08-22 20:22 --------- d-------- C:\Program Files\CONEXANT
2007-08-22 20:21 --------- d-------- C:\Program Files\Common Files\SureThing Shared
2007-08-22 20:21 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-22 20:20 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-08-22 20:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-08-22 20:16 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-08-20 10:35 --------- d-------- C:\Program Files\DOSBox-0.65
2007-07-27 12:15 --------- d-------- C:\DOCUME~1\Ed\APPLIC~1\Alien Skin
2007-06-29 20:35 --------- d-------- C:\Program Files\HP TWAIN Data Source
2007-06-29 20:34 --------- d-------- C:\Program Files\HP Officejet D Series_WebPack_English_WinXP
2005-09-24 11:49 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 15:48]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 15:48]
"nwiz"="nwiz.exe" [2006-04-26 15:48 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 16:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 01:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-22 00:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 18:21]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 19:02]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-26 13:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-20 16:30]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 12:06:12]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 12:06:12]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
AOM(2).lnk - C:\Program Files\Common Files\Adobe\Web\AOM.exe [2006-11-19 12:06:02]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 13:33:22]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Monitor Apache Servers.lnk - C:\Program Files\Apache\bin\ApacheMonitor.exe [2007-01-09 23:20:44]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-04-19 22:26:20]

R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-08-28 12:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 08:38:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????X??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 8:38:27
C:\ComboFix-quarantined-files.txt ... 2007-08-30 08:38
C:\ComboFix2.txt ... 2007-08-29 22:03
C:\ComboFix3.txt ... 2007-08-28 21:27

--- E O F ---



HJT

Logfile of HijackThis v1.99.1
Scan saved at 8:41:06 AM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apache\bin\ApacheMonitor.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\abc.bat

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOM(2).lnk = C:\Program Files\Common Files\Adobe\Web\AOM.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache\bin\ApacheMonitor.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


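The HijackThis logs in this thread are read by eye, entry by entry. The script below is an added example, not part of the original posts and not a HijackThis component: it parses O4, O16 and O23 lines in the 1.99.1 format shown above and returns the entries a reviewer would check first. The heuristics are mine: Run values that name a bare executable rather than a full path (resolved through the search path at logon, so the reviewer has to confirm which binary actually runs), Global Startup shortcuts whose target HijackThis could not resolve (`= ?`), O16 Downloaded Program Files fetched from a URL, and services that HijackThis reports as `(file missing)` or with an unknown owner. The sample lines are constructed to mirror entries from this thread. A flag is a prompt to look, not a verdict: the 8/30 log lists ashMaiSv.exe and ashWebSv.exe among the running processes, so the stray quote in those service paths is the likely reason HijackThis reported them as missing, and the script therefore only reports and never deletes.

```python
"""Triage helper for HijackThis 1.99-style logs (added example, not part of HijackThis).

It parses the O4, O16 and O23 sections and returns the entries a reviewer
would look at first. It only reads text; it never touches the system.
"""
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the HijackThis 1.99.1 format used in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache\bin\ApacheMonitor.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip()


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code: O4, O16 or O23
    reason: str   # short tag for why the line was flagged
    line: str     # the log line, verbatim, so it can be pasted into a reply


# One pattern per line shape; lines that match none of them are ignored.
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (.+?) = (.+)$")
DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# A command that begins with a drive letter or an environment variable is fully qualified.
QUALIFIED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\)')


def triage(log_text):
    """Return a list of Finding objects for the lines in log_text worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            # A bare name such as 'regsvr32 /s mqrt.dll' is resolved through the search
            # path at logon, so the reviewer has to confirm which binary actually runs.
            if not QUALIFIED_RE.match(m.group(3)):
                findings.append(Finding("O4", "unqualified-path", line))
        elif m := STARTUP_RE.match(line):
            # HijackThis prints '?' when it cannot resolve the .lnk target.
            if m.group(2) == "?":
                findings.append(Finding("O4", "unresolved-shortcut", line))
        elif m := DPF_RE.match(line):
            # Downloaded Program Files fetched from a URL rather than present on local disk.
            if re.match(r"^https?://", m.group(3), re.IGNORECASE):
                findings.append(Finding("O16", "remote-activex", line))
        elif m := SERVICE_RE.match(line):
            owner, image = m.group(2), m.group(3)
            # Both checks run independently; one service line can produce two findings.
            if image.endswith("(file missing)"):
                findings.append(Finding("O23", "image-not-found", line))
            if owner == "Unknown owner":
                findings.append(Finding("O23", "unknown-owner", line))
    return findings


def summarize(findings):
    """Count findings per reason, e.g. {'unqualified-path': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4} {f.reason:<20} {f.line}")
    print(summarize(results))
```

Run as `python hjt_triage.py` to see the findings for the constructed sample; to triage a real log, call `triage(open(path, encoding="latin-1").read())`. Every finding carries the original line so it can be quoted back in a reply, and nothing here deletes or changes an entry: the decision about what to remove stays with the person reading the log.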

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:11:42 AM

Posted 30 August 2007 - 08:19 AM

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer. When it's finished, it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


#9 Ed M

Ed M
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:42 AM

Posted 30 August 2007 - 09:04 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/30/2007 at 09:50 AM

Application Version : 3.9.1008

Core Rules Database Version : 3296
Trace Rules Database Version: 1305

Scan type : Quick Scan
Total Scan Time : 00:23:32

Memory items scanned : 526
Memory threats detected : 0
Registry items scanned : 811
Registry threats detected : 0
File items scanned : 20660
File threats detected : 107

Adware.Tracking Cookie
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@adserving[2].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@adultfriendfinder[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@ads.cnn[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@revsci[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@atwola[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@adserver[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@adopt.euroclick[2].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@interclick[2].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@cpvfeed[2].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@stats.sphere[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@tacoda[2].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@login.revenueloop[2].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@mediaonenetwork[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@1060645675[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@indiads[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@realmedia[1].txt
C:\Documents and Settings\Ed.PROMPTPC1.000\Cookies\ed@onlinerewardcenter[1].txt
C:\Documents and Settings\Ed\Cookies\ed@1-click[1].txt
C:\Documents and Settings\Ed\Cookies\ed@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ad-demo.bmezine[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ad.adnetinteractive[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ad.creafi[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ad.nicoclub[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ad.zanox[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ad2.adnetinteractive[2].txt
C:\Documents and Settings\Ed\Cookies\ed@adbriteandfreestyle[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.addesktop[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.adultswim[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.belointeractive[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.expedia[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.freeonlinegames[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.glispa[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.jokeroo[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.monster[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.shoutfile[2].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.technologyguide[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.thepilot[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ads.ytmnd[1].txt
C:\Documents and Settings\Ed\Cookies\ed@adsrevenue[1].txt
C:\Documents and Settings\Ed\Cookies\ed@adultadworld[1].txt
C:\Documents and Settings\Ed\Cookies\ed@adultswim[1].txt
C:\Documents and Settings\Ed\Cookies\ed@advertpro[1].txt
C:\Documents and Settings\Ed\Cookies\ed@atwola[2].txt
C:\Documents and Settings\Ed\Cookies\ed@audit.median[1].txt
C:\Documents and Settings\Ed\Cookies\ed@banners.guns[1].txt
C:\Documents and Settings\Ed\Cookies\ed@banners.pictures.sprintpcs[2].txt
C:\Documents and Settings\Ed\Cookies\ed@campaign.indieclick[1].txt
C:\Documents and Settings\Ed\Cookies\ed@clicksor[1].txt
C:\Documents and Settings\Ed\Cookies\ed@ecnext.advertserve[1].txt
C:\Documents and Settings\Ed\Cookies\ed@enterprise.clickdefense[2].txt
C:\Documents and Settings\Ed\Cookies\ed@halconbat.tripod[2].txt
C:\Documents and Settings\Ed\Cookies\ed@icc.intellisrv[2].txt
C:\Documents and Settings\Ed\Cookies\ed@interclick[2].txt
C:\Documents and Settings\Ed\Cookies\ed@itxt.vibrantmedia[2].txt
C:\Documents and Settings\Ed\Cookies\ed@leadprocesstrack[1].txt
C:\Documents and Settings\Ed\Cookies\ed@m1.webstats.motigo[1].txt
C:\Documents and Settings\Ed\Cookies\ed@media.hotels[1].txt
C:\Documents and Settings\Ed\Cookies\ed@media.wii.ign[2].txt
C:\Documents and Settings\Ed\Cookies\ed@media.xbox360.ign[2].txt
C:\Documents and Settings\Ed\Cookies\ed@mediaonenetwork[1].txt
C:\Documents and Settings\Ed\Cookies\ed@member.sexarchive[2].txt
C:\Documents and Settings\Ed\Cookies\ed@mycounter.tinycounter[1].txt
C:\Documents and Settings\Ed\Cookies\ed@nextag[2].txt
C:\Documents and Settings\Ed\Cookies\ed@observer.advertserve[1].txt
C:\Documents and Settings\Ed\Cookies\ed@partner2profit[1].txt
C:\Documents and Settings\Ed\Cookies\ed@porn.iwantanewgirlfriend[2].txt
C:\Documents and Settings\Ed\Cookies\ed@pornorip[2].txt
C:\Documents and Settings\Ed\Cookies\ed@pornotube[2].txt
C:\Documents and Settings\Ed\Cookies\ed@primedia.us.intellitxt[1].txt
C:\Documents and Settings\Ed\Cookies\ed@publishers.clickbooth[2].txt
C:\Documents and Settings\Ed\Cookies\ed@qnsr[1].txt
C:\Documents and Settings\Ed\Cookies\ed@redorbit[2].txt
C:\Documents and Settings\Ed\Cookies\ed@richmedia.yahoo[1].txt
C:\Documents and Settings\Ed\Cookies\ed@smileycentral[1].txt
C:\Documents and Settings\Ed\Cookies\ed@stats[1].txt
C:\Documents and Settings\Ed\Cookies\ed@toplist.bitcomet[2].txt
C:\Documents and Settings\Ed\Cookies\ed@track.bestbuy[1].txt
C:\Documents and Settings\Ed\Cookies\ed@tracking.foxnews[2].txt
C:\Documents and Settings\Ed\Cookies\ed@usenext[2].txt
C:\Documents and Settings\Ed\Cookies\ed@warlog[2].txt
C:\Documents and Settings\Ed\Cookies\ed@www.100hitz[1].txt
C:\Documents and Settings\Ed\Cookies\ed@www.fullreleases[1].txt
C:\Documents and Settings\Ed\Cookies\ed@xcounters[1].txt
C:\Documents and Settings\Ed\Cookies\ed@xiti[1].txt
C:\Documents and Settings\Ed\Local Settings\Temp\Cookies\ed@atwola[1].txt
C:\Documents and Settings\Ed\Local Settings\Temp\Cookies\ed@kanoodle[2].txt
C:\Documents and Settings\Ed\Local Settings\Temp\Cookies\ed@partner2profit[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@ad2.adnetinteractive[2].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@adecn[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@ads.belointeractive[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@ads.k8l[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@atwola[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@go.winantispyware[2].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@go.winantivirus[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@gostats[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@i.screensavers[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@media.fimnetwork[2].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@screensavers[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@toplist[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@try.screensavers[1].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@winantispyware[2].txt
C:\Documents and Settings\Ed.PROMPTPC1\Cookies\ed@winantivirus[2].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
C:\DOCUMENTS AND SETTINGS\ED\LOCAL SETTINGS\TEMP\NI.UWA7P_0001_N91M0809\SETUP.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\DOCUMENTS AND SETTINGS\ED.PROMPTPC1\LOCAL SETTINGS\TEMP\NI.UWAS6_0001_N91M1508\SETUP.EXE

Trojan.Downloader-Gen/Upd-NoEM
C:\GAMES\SIERRA\SHADOWS\UPDATE2.EXE


Logfile of HijackThis v1.99.1
Scan saved at 10:03:14 AM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apache\bin\ApacheMonitor.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\abc.bat

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOM(2).lnk = C:\Program Files\Common Files\Adobe\Web\AOM.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache\bin\ApacheMonitor.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 30 August 2007 - 09:13 AM

Your log is clean, how's your PC running now?

#11 Ed M

Ed M
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 30 August 2007 - 09:18 AM

Your log is clean, how's your PC running now?



Seems to be doing better, however my issue that had me start searching pretty hard is still present. My integrated wireless adapter quit working and I found some registry keys that were associated with a virus. I deleted them and my adapter started working. Although a restart later it quit again. I need to find what is in the registry messing me up.
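The registry persistence Ed M is asking about corresponds to the O4 (Run keys, Startup folder) and O23 (services) lines of the HijackThis log posted above. As an added example, not from this thread or from HijackThis itself, the following Python script pulls those entries out of a constructed sample in the same log format and flags the ones a reviewer would check first; the 'Updater' entry and its Temp path are constructed for illustration, not taken from the posted log.

```python
import re

# Constructed sample in the shape of a HijackThis 1.99.1 log:
# O4 = autorun entries (Run registry keys / Startup folder), O23 = services.
# The 'Updater' line is made up to show the Temp-directory check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKCU\..\Run: [Updater] C:\DOCUME~1\ED\LOCALS~1\Temp\setup.exe
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - Global Startup: (?P<name>.*?) = (?P<cmd>.*)$')
SVC_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$')
TEMP_RE = re.compile(r'\\temp\\', re.I)  # matches \Temp\ and \LOCAL SETTINGS\TEMP\

def flags_for(cmd):
    """Reasons a reviewer would look closer at an autorun or service entry."""
    flags = []
    if '(file missing)' in cmd:
        # HJT 1.99.1 also prints this for quoted service paths that carry
        # arguments (note the stray closing quote), so verify before acting.
        flags.append('file missing (or HJT quoting artifact)')
    if cmd.count('"') % 2 == 1:
        flags.append('unbalanced quote')
    if cmd.strip() == '?':
        flags.append('unresolved shortcut target')
    if TEMP_RE.search(cmd):
        flags.append('runs from a Temp directory')
    return flags

def parse_hjt(text):
    """Return the O4/O23 entries as dicts, each with its review flags attached."""
    entries = []
    for line in text.splitlines():
        for kind, rx in (('run', RUN_RE), ('startup', STARTUP_RE), ('service', SVC_RE)):
            m = rx.match(line)
            if m:
                entry = m.groupdict()
                entry['kind'] = kind
                entry['flags'] = flags_for(entry['cmd'])
                entries.append(entry)
                break
    return entries

def flagged(text):
    """Only the entries worth a second look, keyed by entry name."""
    return {e['name']: e['flags'] for e in parse_hjt(text) if e['flags']}

if __name__ == '__main__':
    for name, why in flagged(SAMPLE_LOG).items():
        print(f'{name}: {", ".join(why)}')
```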

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:42 AM

Posted 30 August 2007 - 11:21 AM

Download the trial version of Spy Sweeper:
http://www.webroot.com/shoppingcart/tryme....&vcode=DT14

Install it using the Standard Install option.
You will be asked for your e-mail address; it's safe to give it.
If you receive alerts from your firewall, allow all activities for Spy Sweeper.

You will be prompted to check for updated definitions, please do so; this may take several minutes, so please be patient.

Once the updates have been installed, click on 'Options' and check/enable 'Full Sweep [Recommended]'.
Click on 'Sweep', then 'Start Full Sweep' and allow it to fully scan your system.

When the sweep has finished, click 'Select All' and then click 'Quarantine Selected'.
Under the 'Summary' tab, select 'View Session Log'.
Click 'Save to File' and save the log to your desktop.

Exit Spy Sweeper.
Restart your PC, then copy and paste the Spy Sweeper log into your next reply.


Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings.
In the scan settings, make sure that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK.
Now, under 'Select a target to scan':
Select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, it will display whether your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.



